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(54) SYSTEM AND METHOD FOR PROTECTION OF DIGITAL WORKS 

(57)Abstract: 

PROBLEM TO BE SOLVED: To provide a method of 
protecting a digital work which uses a format preserving 
encryption scheme to encrypt the digital work. 
SOLUTION: This method enables any native replay 
application 1012 or rendering application 1022 to 
transform an encrypted digital work 1010 into encrypted 
presentation data 1016. The originator's digital content 
is protected in its original form by not being decrypted. 
This method enables the rendering or replay application 
1012 to process the encrypted document into encrypted 
presentation data 1016 without decrypting it first. 
Encrypted presentation data is then decrypted just 
before it is displayed 1026 to the user. An additive 
encryption scheme is a particular type of encryption 
scheme which preserves formatting of a digital work. 
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[ tmm 1 ] '^^KiStF CiSTHfyf-ygyf 
- (z) ^co^&oi? c , tf^ >-r >- -y RlXffM'ff # 

mmt^titzm^-^miz) immtri^^y^r-^ a 

yf-^F(E (z) ) CWSXr 77L 

frfBuf-f-ftrufVx-xH y^-^F(E(z)) ^jc-f-n 

(z) X -r -y TT'fc ot. D (F (E (z) ) =F (z) & - 

- ^ f ( z ) ^cossft^isc . m^y^y v m/imm m 
mi am^ if* * "t^ft^CE t« o r 

mizm^XU^L. HfrlETHr>-r-^3>'r-^F 
(z) tz&hCOmnx. y S J yX'fo ot, D (F (E (z) ) =F 

(z)T**, Mxyyyj;, 

[00 0 1 ] 
[0 0 0 2] 

v'ffifflif§t n y x yvm^m&*mmm?iM<mmtf+ft 

J (IPRM). r Ti/flVBfffl&im J ( D 
PRM) , r^pjf^iij (ipm), r^fij^jij 

(RM) . r t**^MEF!MKIj (DRM) . XV r< 
(ECM) ^tnf(ffLTV^ 0 fy7/H 

fc*^:»;5U*llrfl**iftfFefc 4 ' fc ZmttZ . fc 
v i o «*W*»jSj&** 4 . ^ >"r y 7 T ? -fe x § ttt 
i,. ay^yvmm%<vmm±mzMKLtz3y^y 

[0003] £ i T"W a Zfc^Xti^Mill t liEtf 4 fctt 

«§, seis. s;>-^/k ami. ffi<7)«». V7 
b r> x r , 5*RW6tf>Mfc , - f -f «yt'f*? 



ftttW&JFMJi. ttCfflBW-*^, lE'li^flsiOtt^x 

4 fziz&mMfe±izmnmfc0>m&x*imzti 
y^ymi'm i> t < fi*o-stfj"c*s . 

[0004] aflWSftfc***)*^ Lfc* 

[0005] aflBB»<a»^ isii3t"-«„ a „i^i 

[0006] EPJBK*<0*^. SJfft^^/WW-* t 
WfcJi. n-^x'jr*vh7-^ (LAN) . -f>- 

MJK^IS* t>tifztf, ®$) Ltz t tiWi.^ v> . 
[0007] :*«fii3tolTOtjBSrt-*ie»fc lt. -t 
^aT^yft- (^ik^X-XMztfxfe-t&i'Z.'f 
A ) SWIfilttyXfA 1 1 n 2 oc^a^W^/T^: 

[0008] Bt#fllX*-XA«jt»*llt^fW"4 . ^ 

ifim^tixuzw. mmzte. ^-m^mm^x. m 
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[0 0 0 9] r^ A 7 3 yft-j (XI±*tB»^ft: 

e*H nterTr ust|±CODi g i box* £"<D"rfTlEifiit4 H OgflU KJg 

X*?-XJ>tf£<$mZtvX^Zi:\^ 
[0010] Bf^Lx^-XA&W:^ a rayft- 

S. L*>L&j&*£>. lff{«i, *tf)fifflfc:i}V*T 
9 A £, f*ff § fits < X J4& 6 =3r v \ £ fc £ jl— f j&*ft 

A*^santstt* tome*** 4 . vm^^m^ mn 
5 1 ^TtB-r 4 ^*ra®i4 . a WaHttcW ^ ^ ±T' 

f»£7)«a*%a <^i, mmx'mm%mmtf!khti 

X L4 a . 4-B«0iJlffl3yt i-^WM^^l/ 

0±gfcfrt4*jS?i£cr)4 4 Tfc 4 . 
[0011] r AflJItt^Xx-A J «77n-fT14, 

KflffittS'X-fAcDfliSSte. mra 

fItt<»^x-rA^\ *f^»ti?Mrt**»^)r^ 

ifiy^fM, (Hi If, Wi ndows (fliSl) Mf 

unix immrn) ) RvmrnrnTTv -y-y 3 y 

(#!l;ii±\ Microsoft^ Word) iffitfzPCm/V— 7 



[0012] MoT, itHttossw- fccoffismmzm 

« cox V ^ y h x t- A tffi K) Mi m < X (4* t> * 

[0013] fi£*^S>at^^li?^Bf^ffc*S(4. Bg 
i:. JOS^V^^it*. ^«J4. a««JtlKW^V^ 

K*»<^a-9- * ^ t -rs s> h n> h r r u - ^ 3 > co 
\mizjz$%:mM£5-z-o&« zt>izmm%z\tt,z^ x 

«4. H*. EPJ9J. ^LTStm$xi»II*fl?K 
fflTT'J^r-y 3 ytC«c#"T4 . JKS-ftSfLfc^ y-fe- 

(4. jffR«ts»t TA^j^ta-^rft i t fc 
mtsmtzm^x^ .y lt l 4 a 

[0014] ftfij^^ffl^ii. ISH. fPT, ^tf" . 

^»^aJ4*S^®-CS>4 . i-Hf*^ VxV^Bt 
#«W*f!*B«>Tjt»tc*Jt«JJII*iftfNtlf a ifcjfii* 

SK^iSBILfeO, V7l^iT^lf«f) , j»(4 

( 3-—f<?y^mTi,zfo& -? is ylT¥*tEi3 
fxTV^) (OtlC^yfV >ymw#^)«f iJ 3&«ft $ ft* 

[0015] JG&mim%frk Wzg^zi&iiZ 
mftLtz t )-t&z\bt,3.X'Z%i\ Ltzt^X, 

mzmtt & tzubui . axm&ffl&x'z--' mzm^z 
ft. Lfri>mm^m%jmizmuz<\,^jmx\ 

a y^yy £Qmt& Z t tmmxfo&, 
[0016] 

^mfij<ow$<7>i?mx"i±, <xco i. a *v > < o^oxf 

ttK^o JXt. J--ifli&»« (^HBt^C^xxA 
S:^>rtS*]R0ai^. *f*^. 3 F^^4JS«?fflTT 
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fO'n/; h (Microsoftf±c^Word (jffifl) ^Ado 
beit<7)Acrobat Reader (Ml) ^) "C'S> 0 , At)$tl& 

jcMcoMiH&zcoyu ¥9 v hzm^com^X'h hfrt* x- 

iMm-&m 3 «xf -y r t (Dmx\ ztamitumz 
ttx v ^tz-xmx% -5 t tm^s^M**^ . o 4 

fcT^coW? JK*Tf B'li 3 Jut 4 4 fcSr o *C V * 6 *> & "C 

fcs. tot, i-if5&cpaaKfofc"9 4feisia*« 

[0017] ^S^-rA&^JEfc^fcilifciLLfc 9# 
Tiift^ftW S^T^ttJBfllflifctt, MS. CPUtf£S!| 

t'c7)^x^A«jtwfgfc LXjmzti&. ztit><vm& 

JRofci»#flaiFfHii*ffiffli-*3t«>fc:. JL~rj±M8tt 

[0018] ^:ftAdobe}±CDAcrobat Reader-^^ftM 
icrosoftttOMediaPlayer^rt'f^TfllK^TTy ^— >- a 



[0019] Acrobat ReaderMWfediaPlayeri: 

««S3«i . m^mmwz^zmf £ *i>t 5 >r * 

•CfHBLTV^. ico;htcJ;D. £<0*WTC(flH 

[0020] i-^r-r f>r- -r -f nx/mmmn. 

[0021] w&yffW Mzi$*sm-z_hmtco±% 

If IS) JIf.tr^a-f'CS*^;{:t'*^ i 

^tcj: 7°7 4^-crmmi l zmLxm&ifi$Lt&» 
^-^mm^zmmim^-t^ ( jl— cotiwi* 

^■il^f*!!^ 5 A -fe yzjty-f- •* tclic# L ft 

^DRM^S*««~r4it*«4 Lv^ ifayfy 

[0022] fit-oX*. ssssm^^^Xj^mmti 
ft<ft^» 

[0023] 

( s p d ) a. ±IB^^*Sffio^*i;^M-c# « . i 
i t T\ #S'Jft^- F-?x 7MV 7l-)i 
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[0 0 24] SPDyXfAll 3 y-r >"yffr£:# 

ivjcmzfrfcL. ms^hMm*mi~tz>. act, m> 

[0025] ^— f^x^A-m, aaffia^«(±« 
tmmttx'im~£tiz. . *ssnn*) i swisjbiitw:, s p 

S P D Sffiffl-rtttf. flflJK^ffi^ ( i fcfpfT£»-H* 
&<Ti>}$tf. HfcSSttBKWCtt. 4 com 

Jf^L, S P D k«fSWt:^ILTt?f^ffflJ«£iib 

[0026] *iibjco i Hj&fej^g-efi. nf#^tfc»{±jL 

£±9 rsaHt (polarizing) j $ix£„ 

[0027] *^BB<7)srj^sfe^«iT{±. vfmmm 

fflTT^-ya >'S4. ^ft£^fl^#£fSH§iirr 

[0 0 2 8] WSWSQJUUiWgWnytji— 1 
ii , «R«*ife<0 a fc-otf>;&$£*C3»iW-4 d k tfX'% 

I«ffl77 'J ^-^ a y t nt^fcSftfcirPtftaftte 



b~tZ>z\btfX*%&, 

[0029] ^<wswttii&&* jmzu^m^tjj 

h . U < •o^coStfflXti^WJffl 77 'J a yt 

X^ 4 * a § I. . ffi<?)? A TcoJcMX'te . 

£x coim>mm$:smikt& z t tpxrz h . & s * >f r 

[0030] Wt. JllffiWllt*ffc^C*fflV^jt«WJfi 

gco h - 7 ycom * <r> rnrnizn l x w a w^m^ir a k 

^ft^Bf-f-fb^{i:JP^WBt^-ll:^T' : 3:< Tfi^ 
^sfirv^. L^L^fe. h-^ySf»{i^^t9>^Bf^-fb 

[003 1 ] Bff^ffcS^ut h-^ y8Wtf><?>li, =Sr*3 h 

=Srif) (4, Bi^cOHrr^h-^ytrVKo^O^^f 
■y h T-SftjAO (pad) i fc £ . ; OS^a^ t i 

cD77n-fifflv ; co^M-^-T i k * J -C# 

[0032] *%H^J5'J<7)^Jfi^®T(4. «^ffma 
S i k ^ < «^#^^&fI*I'ffiOft?IRX(iSi^-5ISg 

vrv y y — ^flWR* #tf ^ >f t> . y y — 
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t^xmi iHSflix y y'y mm^xii ?>f- 
yvm^commx^mitztth . SBis-mxy yyji. 

ffl v ^ ii & x V ^ y F TTb £ Wfh 5^- F -§> IB 

[00 34] 8«<^)l6iSftJ^tfflv^« : FW»i*IB 

-xj&^gttJTXo ^fF»r«iB^a-^v ^ y- f 1 \ 

[00 3 5] IBtS-ffcy- F<4. I,»xy F^--ifX 
{iSsftW&xy F jl— f is^&lzW&ffMFHHim*: 

mm<r>?A ~r>*. wmimcommizx^xmm- 

^flH8^)-«^=it-t^^-&. JBfS^-FSrllift 
U *^#f^SV^x-rAr?y-r^xF^?l^r*^IS 



i>cDx-$>h» mz, wmikZiifzn^mmkRVfmt 

[0036] m^uwi^tM/mmm&mm^mmr 
h *%ttycommnx~\± . Bt^-ft $ tu^r v -tfy y 
a yf- 9 ^f^wi/^yf- y a y-r— ^ izm^-f 

-if y^— 3 yf-"— ^ t^^s . 
[0037] mFmmacr>mT^ yy-ywA-zwrnik 
lx 0 v-xmmzmsSKL^x'ZK . wh^-x^t 

mik£irfzw^imzmwLxfmikztitzy°ui£y 
f-yayf-^W^wtn. ;^;k<4. w 
mmutfr^^y^r-ys y^-fowmmmzfi 

i » , jL-nf ^ i § ^^xtiffiffl t= jfaFarTAfD^ v -tf y 
^-ysy^-^lzL^KXtt^^^ZtZMMLX 

w„ m^mm^v v-xmrn^-^^ztuzmix 

3 yf«ft§^yxfA y y-x'it fg^fflv^T . K> 
Sftstifc^ffj^iSf^rnfyf-y 3 yf- 
^fcSEiw-* . ^k zti& v v-xmrnz^xmrnit 

fflr7yt-y 3 y^ Tc^efS-fESiiTif^v^^a 

[0038] IBi&ffcSfLfc^xA 

3yf?xb (yy-xit#) ^fflv^r. susftSfut 

T'J^ygytl fe^^.&ltJfil^X^- 1 ?-- FVn-t-^ 
<DTy° 'J^s J^TIBtr* ^> . S4ffl77 y y--y 
3 y{±. 71/^'yf-ya y-r-**«51SMH-S;fcft 

y t *> s . n*km rryy-^ayii, ( iB^t 

^yy^^51f-|> ) iaSffi4yXrAt L-CfHBLs 
-Ti., ^titiO. V7b7i77nmjffl^t« 

tt^*L. totffiBcte 0 ayf y7«i§fts „ 
[0039] m^^m^xv^mm^rumL. 

izWTWtMZm-^LXW-JccvBi&izL. *iifrt>*=? 
ff»*B4ffl77y y-->- 3 >HtSmth y^fAt 
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[ 0 0 4 0 ] # < <7>«* >f rfO^^HrfPBuatP-teo 
'J y-*flHR£«SHfcl/r* fiWB4WATS4 

[oo4i] *«qH<oaBtarw6ii. 

[0042] 

[ mncvmmmzm ] ^mn^mmmmiz^ uxmm 

t (i*«(c»Sr 0 3 4: JilHeTA* 3 . 

[0043] ^cO^IE^^XT-AfT)^ 

[ o o 4 4 ] ( ttii±\amt ) 1 1 o (i^a^ y 

y't;^yf>7 1 1 2£ffr£U E*PH£&1 1 4(cfflE 

/aMKtti i o**, m^mmi 1 4^3$t«8rcwL 

ist#i i4t*»<»D«#avajJBEa (H^fro^^ 

m&mmx*%&frt>x'fo&» 
[0045] mz^ nmmm 1 1411 sa»s*ut3>- 

fyyn 6*0.— f l 1 8NBrf . SW^m^Em 
ayf-yyi l 2 0>nff^ffcJKfc&l, , O*4. oiO. IB 

^st* 1 1 4 1*3.— r 1 1 s co&mmzmm lx* y ^ 

t^ayfyyi 1 2£Bfr*Ht;U M$W:3yfy 
y 1 1 6»*f*fetfOJL— r 1 1 S^fcftte/SW-*;**"?-* 

xztih, mz. i-if 1 1 8(4i4j-i#«*u?gfit*ffi 



i^/l^a yfyy 1 1 2 s . 

[0 04 6] nyfyyi 1 2^-r^.Sfovu 2 0 

(J, nf 1 1 8^^ia^JH#l 1 4M&SJHW1 2 2 
ifciJHSMl 2 2teu jl— if l l 8fr 

w fc mm l . mm znmmm 

1 14^^VN" 7 f 1 24 h LXmrntZ. iy-hh 
^. 2 2{i^--if^ti 1 Ul 2 OfWtfuCO 

1 2 4<0— SJSSttlX^fci'C. *#fcffiJK4tl 1 0^. 
^i.lU2 6 (EP?)£^#0) ^iifi^o IW^l 

mammxte, m^mmi i4«^«oix»tBw« 1 

i:. ^Sti/sny^y^ l l 6 1 jt«*. 

[0 04 7] i/t. -x— • tf'i l s* 1 ^*^©* (*3t(i 

1 3 0^vaMS„ 3 0(4. jl— Hf 1 1 8co=S- 

l l 4 jtfigfi-f l.tti-tt§;fcJ 

aaw-ft. ^£7)^^. lae^-v'Ji 3o«, ^ttwn? 
i 3 1 £iMt#i 1 4*»i?>iaestt]Rs. a'jftw^t 

fcfc, *<0^**«fiMll 3 2*^-LT»sar«W8l 2 2 
. £fLt «t 0 i^?SISMT'{4iE^P*# 1 1 4 ^ai^> 
vv s- . y i 2 4 £ |fl»T-a= h . i co i a 3r It* 

[ 0 0 4 8 ] M 1 L^±ISO^#fO«:^ffiK5IO^ 

tm±, mi±-m}t l zmm$tix^&i><Dx*$>& . 

[0049] H2tCli. 

0yXfAfi-f 1 18 (01 ) A i Ifftl>Xf77 
*^ $ tlX v ^ . ±f ET« L ^ i d iz . ffl^(4Bf^-lt 

ztie><axm&wv -v^^zwMisafumL. t^zti 

[00 50] iDC, jl— T 1 1 8^Bf-f-ft3t»2 1 0 
fl-^xf"y7°2 1 2^#^o i<5D^ifT'{4 
m&<7)£ 5 fc. fM-^-X-r 7 72 1 2*CI±3— -yi 1 80 
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TJrth. XW2 1 0 fc. ^'jyt^ayf 

yyi l 2 (Hi ) fcawifctt-SWftTAaV'f'V 
VI 1 6#£jft3;h.*. 

[00 5 1 ] ¥iayf>"y 2 1 6»OTT7 U v~- 
ygy2 18A.S^|,i;, ;0D77>Jlr-^8>li7 
Hfyf- yn^f- ^2 2 0 ZMcOXVi? 
t;l/3yfy71 1 2cDffiffl^TlgftS) £fft£-$-&. M 

?220 A Tizm^ X , fcrtf-fc t:h"f^Il(: 

[0 0 5 2] JJETK^BL-fcidte, a3:>•'X-r 
AT^4:fc•^;:ff;53^> ^ ;fcS „ ft3yfy7 2 1 6(4. IB 
»&1 1 4*fc«##/tfiJKai 1 0<0#|g*fcttH 
iSSrLfc,. at-, IE*. 4 JfcfcMBtf) j-— !fv)ifitt« 

i iCSlWfffltS £ t >f -fe VXPwSfi*^ 
IM^a fc"$-*.3-~W*6. BJWJL^at;:. 

[00 53] Lt^t. *||Bfl(7)yXfARi;*ST;' 
14. jl— r 1 1 8 cr> ->.z^A ItZii \ «^fcSc»£ £PI 

[0054]i3(l Bf^ffcfc* 3 10 -y T 

3 1 2 (IKgft3 1 4 ) JOTPKfflTT'J 

-ygy3i 6^m.^tiAm^zy°v^yf-^3 yf 

-?3 1 S1Mffi£tLhb.\*o£i}iZi£\\X* H2fc{RT 
^S. L*»U ffily^3 2 0HJ;^ ftMPMH 

"»Tt6> ^KPic-tiriHc (H2 0 3 F5:r:yx>"y2 1 6» 

J: at) . :fc»3 i o&a-^at^#PRTS:s. £*ua. 

ElTtSIS S#iHLT»BW-fc J: a 3C«3 1 0 (c« 

[ 0 0 5 5 ] 124 143 fefclffiflKr^-i? a ST** . 11 
4<7XfiTa$fc:titfHI rjgigffcj (polarizing) Xf'yT, 

£. 4-f. Hf^b§ix/t^:»^>"ry^4 i o(4»ft 

SS4 1 2^S2;fl& 0 »ft§P4 1 2J±JL-Hf^SBWH 

4 1 4£^m r ). atAf'/74 1 
rj>-r>'^4 1 0 RlSfc, »fcgfl4 1 2 



[0 0 5 6 ] WmttMA 1 2(4. £<9iH&fc*4 1 8£ 

1 2^»^m^-^Mis^^it wBrwafeoTsy?- 

[00 57] *HHj^ i ^Sfi^«sT'(4. fBtS-ftSt4 1 8 
(4i-^^X^AcOrt«^^K0ffiL/t7 ; -^®S 

4^1^ . »ftJ|4 1 IMIt3yfV74 2 0 

tz%<%& zo%m&vmimz&&&A,T&< torn 
x-foh. £ J: oizlx ami. i/X7-A.mmiz±%&i,z 

[0058] mz. 2 2 wt, 

§^3yfyy4 2 ofdWRfflm;^— ^a>-4 2 
4^iS3ixSo ±f2TWL^J;at. tlW^iflRffl 
TyVr—TsaytLXl^ MicrosoftttcOWord (ffi 
M) 43ti4Mobe?±C0Acrobat Reader (ffiM) ^COT— 

H^-f^ ■rryt-yg^iiS^ l*»u 
yT->"y4 2 o*ie«T**i^*^t>#i<9#tS. ^n 

(4. rJVxy^y. 7t-7-yb3-P, S.t/'ftflRMIIfIiJ 

•cffiffl-r 5 m^tt^mmimwmizx 9 9 yy^zti 

hfr^X'foh* 

[00 59] U;)d s ot, TO77'Jt-yay4 2 
4fcJ4S»tt (X!m<ii7*41 ■ bP5yl 
tt) ^L<(4. (JH^t77y^-y 3 

y^JI-ait^liffg^rj v^y 4 2 0 tSftKfeirtt 

*us * v ^ mmco»immz~o v 54 , h 9 1 w?* l 

[0060] BPRfflrr y ^-i^ a ycr>ftjjmmfcy° 
H:>f- ^ a yf 1 '- ^ 4 2 6 ( iBIS-ftfliBRs >-x>- 
•y) T'\ 'tL{4iHRfflTr i jy-^3>'4 2 4fci >)7 
b S*LTV^4*«, 4fi«M§^4 4T-*S 
fc«>, jL-nf A^£D4 i^WRS ; t }4-c-# *v^. ffiiS 
ft7Hfyf-y3yf-^4 2 6{4IM?|^SP4 2 8 
tiKSfU ^c 7 )IM?l^gP^W^ii4 1 8^^(tK-^ 
T ^cOTcOJfee^^HfV-^— ynVf- ^4 3 0 

Sfi^Sst- {4 , i emmmmm±#m<7)Wffi 4 fc{4ig^ 

f-yayf-^4 2 6 i4*^M^ii:»s ttre S . i 
O^^Mi4J--^f>Xf-A i: BiJfflcT) t ot, afl^-v 
lTf-?J S(t JXS i> cr>X% oti ffl^^: 

[0061] kis^4 i scofNjfi. wwfflrru 
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y 3 y424, Rvmrnm^T- 774 2 -t^t 
ffiti x 4 2 2 wflufisas-r * & . ' n $> imwtfm 

/ I^r - 9 tS t £ ffiffl t . ^ n - A/MC T ? -fe X hT^&I S 
-fe7° FUd fijffl Lfc 0^4 aWC, i-if#fl6©5r 

[00 62] *IPj^S(^Sgfe0ff^Ti4. 04 son- 
jfVf—is 3 yf-^4 3 0 li-rvs'-r 
4 fciif*' U - * 1 vftiX' t> v * . x 

r u y 9 v 5 >r >*m ) tz x h mmm&!$miz%& . 3t 
it (mmmrTV y~>- a >a 2 4 ifcissgsiw&^'r 

774 2 8C9Vvf;h.;<KC) ^fcfrfcftTVvC, 7H: 

y^-^ 3 yf-^4 3 0 * swoaj^jiiBtitsaj* 

[0063] 03 Atf04 £f£ffl LTSjaj] L*:±iB<7)fI 

~~Hi&t. 0 5 xmmz^ lx ^ um <ryxm<r>^~ 9 
«jtK«fc ousts iMix-mmLfzXoiz. 

^M^Mm-tfi'&mX'hh . mfeC0WiE3-Y (IKES 
fUTV^Sr^n-K) SffifflL"Ca|cW!BW««ttt|ftl±3 

k T* £ . *ffi*aa-fW-&*H^fc: J: £ i Bf* 

[oo64] ^mmzxijcwimcommnmijm*, 
yvmum (04 9##a*:{±ajJK*t) a. 

^a^-mit^r § tcx v «ar *»o 0 . ss&s *vc v 

[0 0 6 5] §BffiM3t#5 1 0(4. JJC»3«B«0±S 



at/if^r-fe ^>F5i4 tea . s 4 § , 4=5r^--if izm 

T^-5>„ 3yfy7t^yF5i6di, a.—- 
^fSBf^fpyryyi 16 (Hi ) tf-SttiX^ 

[0066] ^mmim^mn&fmxn. s p d 5 1 

OcD^yf VV^y^vV 5 1 6 ti s S:«y<^"iffg5 1 

8 ;?>r h^. 7t-7yF, aV^ITB^CO'ff 

$8) . **d7</Hf#5 2 0 (f^XFtftCSitS 

y 3 7T«$il^. 

[0067] *HBfl^ 1 mm&mx'te. mmvms-t 

Xiiffifo^W mtli. John DoefcV^O.— iffcHJgW 

avwjH^>«R (20) s&m&ta!e\r&&fct&. m 
ffl.&-^xi>mfo^K 

[0068] ^mmmmxu. mmRmf^y^ y 
^ 5 1 4izimmmmzt%fe-tz>9mmm^v y?tt 
witwmkti* ^m&. HK«wjavMiw-/F 

[0069] witL<DMtetzt> . *fijavw^r-fe^"^ >- 

h 5 1 4J±«Wt»&L (^Sffi^Tiigt^TTat 

ioasa-c**) . m^ttfzmmRim^i^mz^. 

WV%%:\^£o<,z-f&(r>t)mtL\\ ^--if'^g 
KUt^W-ft i fc t *T4 

[0070] m$f"S1&3— Y-'e.'T'* 7F512 ( r s P 

d mm j fc i isti h) *^-77 - -t ^ ^ 9 v*^ - 

mf^m^ - H-fe^pt y F- (c^r4ttS V7F^ny 
j.-;PTlifi£§fLTv^ 0 ^Bfl^lUJte^ffi-eJi. d 

L^L. *^£HJI^C(i. 77 7F7t~A 

is (jy?7°v?w.ttziz?ysu 5) -cftft^fciw*) 
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[0071] mmimu5 2 4«. jl—tcd i d*«s 

L , jl— 9* «tJ 7?y 3 yJ: Sfl&tffr «]"-«= ^ 
V151 4^»§nTV^T^>-a>'^*Jt«t. 

comma. H7 * «HLTJ2lTfc:PMtfc:iMW-6 . 

[0072] mmt^y ; Jy 5 2 6 1> . sur^nea- h 
[0073] nm-t&mmmm^y'jy 52s in^^r 

flTUT, JL-Hf^x^fAcD^fflAP I (Applicatio 
n Program Interface) iZft-t &^Wffi±4 ~7 x 

— xfcr&o-cv^ ^AT^-fyh'Wyx^ Mi 

>f y?— - lr7°h^fflilT*.|>„ Z\CDtzib, 
yi/v-XxAfflco^-^^-Y y^~ b7h, XiiSfit 

[0 0 74] UtT^ItgrJ— F-fe^Vh 5 1 2t#iil 

•c^s, *rj5E-r^iM?i^xy^>5 28(1 sets-fts 
( « x. tr , j.-^com^mm > fc*t$- 5 Ay -9 

&coi±, mWiit7°V^>7~~i/ By^-^Tfoh . Lfz 
[0 0 7 5] ^a7«5 3 0(l ^T^=J-K 

■t^v y h 5 1 2 tc^-7°y 3 yxM^t.iit . -fe * 
•cwfirv*) *jS»I4, !ffc**UR#*ei 

swifrwr. *>t. 3Bffi«*aM^)3j-^v— r <f y^' 
yxxA-r-ntf^rt^x/ y hry f^-x tit 

[0076] AISRfflxyyy 5 3 F 



H-fe^y b 5 I2ti 0*1113*1.4. Sffflxyyy 
5 3 211 fiaW-Sj&Ktt*^. Lfctfot, ftf^fflx 
yy'y5 3 20n— MiSPD771/7 M^(OH»ii* 

i>. iMxyy>5 3 2(i ffifg-ft^oy-ryyco 
atj£§H7t. y^yy^f'-^^^KiS^Ty-ff 
y ^- 5/ 3 y-f- * * ffrfc-f 4 ± 9 fcffcss #tf v ^ 
(H4*#JH§;hJfc^) . 

[0077] aefi&bt* 5 1 0 ^±M^mmmmm 
[ 0 0 7 8 ] H6(i, aeffifi3:»5 1 o#ffr££*u 

KflJ § ti 1= t * t-Uff § tl h X r- -y ijk L tz i> CDX'fo 
h„ idffl (generic) SPD 6 1 OCii, ifH#CO 

tt?^lTl*l\^fflSPD6 10[l 

-t^-^ (Bf^-ft^^Tv^v^) jfMto^- u y'-r- 
^*f3yfyy6 1 2 , nv^ivmmfee 14, s 
wry a yvmrf&fri, 6 1 6 *»<bf^i£StLS . 
[0079] 3yfyy6i2ii, *»4fcliffiJK4t« 
*sat^*>-frT , 3t*^y a b &&£t& x 0 izm 
mmm (ryrn-tx) (xf776is) . m 

4T 1 7h&MiRX'i>&» 3^7 6 1211 ^--^fy 

y^y^tfj^lx^^TT- r^ttrW«?j §ttS. 

(f, 3yfy76 1 2{iMicrosoft Word ( r.DOCj ) 4 

JttiAdobe Acrobat ( r.PDFj ) I^^ISfflxyy 

y 5 3 2t i m^wxh x o izmwzm.feztLtiwicoim 

tSBftSfi* (El 5) . ^HBB^lSfflBBm-CJi. ny 
fyy 6 l 2colSiS:<50^s— y 3 yjfiayfyWmym. 
xf77tM?fi, iflffl s p d 6 l o tie-lf-^fL^ „ 

[0080] WV^^SUffiSe 1 4T11 T^^Xft 

01.00 K/w. iiJii^ e-t 2.00 F/Koffiffl^f 

t^ioo, 00 o»«s»*sflf^-*«pi*mJKafc 

#i S i fc •£> . . l -rBi&^l tzmz r j$ 
yo5:««A^-7°y 3 y Sr if hz\t trc* 

[0081 ] Digital Property Rights Language ( D P 

RL) {4. T^Mff^)«H*ffi^-*A:«)te*6ffl5 
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mnmmz. dprlw- h*>hbLxmmzti 

h. pfflfcowrii, Stefikfcft^3;h.fc#BH3frS& 
5 , 7 1 5, 40 3^\ TSystem for Controlling the 

Distribution and Useof Digital Works Having Attac 
hed Usage Rights Where the Usage Rights areDefined 

by a Usage Rights Grammarj ^£#lfg 0 fgf \\<T)'iy 

[ 0 0 8 2 ] #gftf r wo r k j fgjg 

work^gm «*f^t3tffl^rtB**tt<0«f! 
hfcflj&C**. ft^'JJi, r right group j fcPf 

ims fluffs rju-yizftmx-z & . mwiv-vn 



ft. S^fi£ft^<7)#aft^J^T-d" U K*tJS LTV^-So 

h^>-x^-hft{i. &sfsw©0f (ytf^'r-y) 
gijco y ik s j v y ^commm^m tzmtz. w&m± . 

-r-j . 8R^»fMtl4, •rUW** 

yx] — Mzmth. 

[0 083] DPRL(?)7-?}|^JmT{:it. 
[0 0 84] 
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(Work: 

(Righls-Limgiiage-VersiOJi: 1 02) 

(Work-ID: "IS I )N- 1-55860-1 66 -X; AAF-2348957tuf ) 

(Description: "Title: 'Zuke-Zack, the Moby Dog Story' 
Author. 'John Beag]e' 
Copyright 1994 Jones Publishing") 

(Owner: (Certificate: 



(Parts: iJ Phflto-Celebsh&ts-Dog&-23487gjj" "Dcg-Br^eds-Chart-AKC") 
(Comment: "FLigbls edited by Pete Jones, June 1996.") 
(Coments: (From: 1) (To: 16636)) 
(Rights-Group: "Regular" 

(Comment: "Tnia set of rights is used far standard retail edition^') 
(Bundle: 

(Time: {Until: 1998/01>01 O Oi)) 

(Fee: (To: ,i Jone S -PBLSH-l&546789 >, ){IIouse: "Visa"))) 

(Play: 

(Fee: (Metered: (Ratc: ]_qo USD) (Pen 1:0:0) (By: 0:0:1)))) 

(Print: 

(Fee: (Per-Use: 10.00 USD)} 



(Watermark-Str: "Title: l Zeke Zack - the Moby Dog 1 Copyright 
1994 by Zekc Jones. AH Right? Reserved.") 
(Watermark-Tokens: user-id institution -local ion render-name 
render-time)))) 



(Authority: "Library of Congress 1 ') 
(IT): "Murphy Publishers"))) 



(Printer: 



(Certificate: 



(Authority: "J.3PT* 

(Type: 'TrustedPrmtcr-6"))) 



(Watermark: 



(Transfer: ) 

(Copy: (Fee: (Per-Use: 10 00 USD))) 
(Copy: (Access: 



{User: (Certificate: 



(Authority: "Murphy Publishers") 
(Type: "Distributor"))))) 



(Delete) 



(f? aclsup:) 
(Restore: 



(Fee: (Per-Use: 5.00 USD))))) 



[0085] ^(7)wo r k^SK{± r Regular j tmf 
tl^fiffJ^VL— y°ifihh, r Regular j TZuke-Zac 
k, the Moby Dog Story j fc t ^ U&C099te>WfrM£ 

(play), EpJrEU (print). ftjM (trans 
fer)^h-(copy), MR ( d e 1 e t 



er-6 fc CEPJBIT'# . 1 E^EPfiMzS 0 1 0 . 0 0 F/UO^ 

(finger print) j LT<?) 1 ? V U X F t £f+ft 

&o £<59##ftfi. 10. 0 0F/Wi3^«JMu 
r P h yfflJR3^6iE^I#iEBW*A#LT3lf^# 

yT#*fF§*rC^* (UXbT- =JXb5. OOF 



0 1. 0 0 Vfrldkw 3HAtt»mfflT*JH3fL 





e) . WWtbackup) . S^ ] J^hT 
(restore) 0«D*fr*^LTV* 

( chart of breeds ) b iPS ± flT V * & 0 r bund 1 e j J§ 

KXcomtW 1 9 9 8^) 1 H 1 B4*C*»T\ f4A£ 
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[0086] iSl^MtflJ^5£6 1 4 {)fi»f7 
TVtftSfefcsfir* (Xf 776 20) . ~<7)*§-£\ |K 

^ (Aia^^KOnrsi*) jus*. =t oasw*-?*- 

[0087] tfCC ^ffiJtSgSfUtsVT^y 6 1 2 . 
*W*KIS*lfc*5fiH&S6 1 4. AX/1rF&frL6 1 6 
£ffl^-£;b-it& i t TilLffl S P D 6 1 0 fcfftfc*-*. ( X 
T7/62 2) . *^at*>L«, =H$flHHlfT3aiS>*Vt 

v > h &m<r>xmx'tttoT § s „ s p d t,za ft h m& 

U4. BTB8rCS&JB£rCt>* T'%%^m£X~i>£ 

iJlfflSPD6 l 0(4, ¥#/fflJK*tl l OteJ: o^- 
T^a>THf^L. fistful 14^SMftLTi>4^ 
(Ell ) . 

[0 0 88] ffiffi*#l 1 4(4}/LfflSPD6 1 0 

££WK 9 , tkX-^jX 9 ~?A XX'% hXo telMtf-* . 
ffiTfiSl* 1 1 4 tfJL-ifgjR 6 2 4 £SWK& i: ( K 

4 fcfc£&&r«H 1 2 2 £> 
T) . IMI#1 1411 a-fgf6 24, RtfllW 

ffrfcf-£ (XT7T626) . ^^ia^S^tt^fc^ 
f^nj-fe . y h*ftarv^*&l4, jl— <fcr>tztbcr>T7 =y a >\i 

[0089] SCi- !ff^&t*i— If £04^116 2 8 

7^fXSPD632S4itl! (Xf 77630) . X 
T776 2 6 T-A^ Ltz jl— fff nTS: SPD632«« 
flMfflt^ >- h 5 1 4 fciMtU f <?>£rlW§i 
6 2 8£ffifflLTSPD6 3 2«ayfy7t^yh 

itmmzmmLx. spdswm^^^^^x 
spo6 3 2'v3anTS«. zcDmrniz. mm. turn. 
*l /mm. BMm. M«%m&mx\ %-fmxmm 
**» h s p d commz ^ x&m t-r & 
izmmx-foh. §^ Mm<7)3--~ m^s- i^sp 

D 6 3 2 rttfftfcU ««rCS -i.^ fc £i&*$-£iB9l 

»£»s#fl:u Lfrh. nMcoj.—>f%mmmmLx 

# £ 4 o =flrfiEflS**3EP ^ ftT v * * . 
[0 0 9 0] ^iBSW^iX&^X^ASPD 6 3 2 

j x? * x?m i,zm?iLxffittzti&. 

[00 9 1 ] jl— Hf # S P D SrSOTX-) rt> k § £|g?rf 
S^#£l27«7nHa^LT&-i>, SPD^ 

10) . ilffitfi. SPDfc;fctffcfc:ttJ!M-*iB®i& 

i\ itfflu^t^ a«{43.— ffefcvw-Hift 



77 1 2 ) . yXfA(ia-f>*ftIfSr^y 
a ySrfdS'J-t-g. (Xf777 14) . T7is a ytfMtR 
$ft.&b, *?mcoMfm&XT- 7 7 (Xf 7771 

6 ) wmfzti. %>m-tz>T7 y a yizm&t&zkfr* 

PD771/7 15 12 (05) fciOn— #/Wcff-3 

*\ 4 fc«*ws5Hw-> *fcr 9 -fex-r s i k xmfx- 

[0092] mmmxr-- y y° ( Xfy77 1 6 ) 
mthh. jgff¥)HI (Xf777 1 8) ^H^Sti-^, 

i;T-j--Hf(4. iijDPf#^7Sist--g»^k\ i^it^r 

"T&k, *1f)lsS¥)l (Xf777 18) ^'^f§tl, 
SPDyX fAliitftSII: 15y^ b"X { (3 
lc^ffiaEif— 1 30f) ^v|S»-r-i> 0 iilT, 3>f 

S^SrtS (Xf 777 2 2) . jl— HfcOMffl* s ^T-t 
^h. W^S^JHI (Af -/77 24) tfMftZtl. ffi 

SPD>-X^A(4^T^>'3>'Sr#o„ 
[0093] SPDtciftfiSilfcitJV^TWaflWrii: 

(4, ft?^ii^o^r a ifm b Ti4. i-if*«jt»*sia^ 

^<7j^iEf!lffl«rtg^^T*{4A¥T'# ^rV > i 5 (c LT V ^ 

m&XT- 7 7t*t3 yfyy i t -rsiess 

[0 0 94] SPDMtf/^^t. E{4m 

^XT-AO^<{4ft*J<50^^-^>'X-rfc.i»MS&8 1 
0.o40.D(E(x)) ^ffL^f*. 5l§i^V^ 
R (D (E (x) ) ) JfToTUS. BBCjCytia 
fc, ^JSB^aprcff^^S fM^T'i43t»{4^^^«ffit 
»4i£)HlT"fcS^8 1 2. o 
4 OR' (E (x) ) fcSSffUfcflL gi*f8^TD ( R' 
( E ( x ) ) ) *a#f*-&fcJ:u. i^LtciO, f«^-(4 

[009 5] R'3&nri66>if d3&\ -ofO. W?cr>mz 

miRcr>%m*mftX'%hfr)iofr\$. vxr^izx <om 

D (R' (E (x) ) ) =R (D (E (x) ) ) 

[oo96];;t, m^immbm^mmt^mx' 

hhm^. oJO, f£E<7)xt^LTE (D (x) ) = 
D (E (x) ) fc$r**£fc:tt. R'*^t^k"3^(4 

y = E (x) -C-feS^R' ( y ) =E (R (D 
(y) ) ) 

[0097] SHg(C(4. RSAyXrARt/E 1 Gam 
a 1 Hlffi*fit^X^A^-«W^M»i^^XxA 
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[0098]A'Xx' = D ( R' (E (x) ) ) «„ I^nj 

LTiMft-t S o Hf^lt L^£»(^ifif Officii 
5 1 2^'r2yT->"yFJW#t J: ^t-tf^£flT^ 

[0099] icoaaBftWr*'r/Wi. ft?*?«yMR(: 

S*>4fa*», I/O R' 

ft y - x « , R tfHfrJf-fblffiR E fc «imx h h %&x h 
z\tm&. y=E (x) (c-pv^t Ft' (y) =E 

(R (D (y ) ) ) =R (E (D (y) ) ) =R (y) 

[0 1 0 0] 08j&»6#j&»*£fcW:. 2o^«$ry-- 
Xx'=R (D (E (x) ) ) , -3^x = D (E 
(x) ) £*fLffi»#3:Vv^i;x' = D (R' (E 

(x) ) ) (fflgtw^ftts) ttfoiattt, x:««n«ra 

Wfc)S&.& 14. 816, Rt/8 18) j« (JdBOSfe 

Bt#ftS*iJt*»E (x) ;!/^7V-fe'yf-y 
3 y-f-^x' £#Sfc«i1i*&.AXjEp&9. at 

£0±i-^i>, i:'^y^T-tfa-f-D&@A ) -ti:^Ci:T- 
[0101] _B£cDi; 3 fc, a#*0at*C# S^'itMt 

* s t v > a immjrmxit, zm£#&mxii& < s: 

^4. £OS^S*i£*El9fc:Sr^-. £»3>^>-y9 1 

fg&m—<Dmmx'vit%< . 14^774 1 2^t 

#9 1 4 hffMgfcfr9 1 6 t IZftm^flh (X^f.y7°9 



12). t-^^9 1 4immi\M9 2 0 £figfflLT 
mmitZtl Uf779 18) . ¥3tffMgE*9 1 6 t 
(X-f'y 7°922) . •IfrCcfc D , l&fStt 

(i, IBIS^fcJ:ft*«Kpariit#fl:J:Oiffiv\ ftifft 

[0102] WBWSKMHfcfcJBvtfs. H^oil^m^ 
*M^«a*&{4. HI Ot#JHLT^SfL*. Ell 
0 tfe l . Bfhf-ftm^fW 10 10 sW4M77 U 
^-y 3 y™*$tL-g»o S^S^l 0 1 0(1 S± 
ffl77!J^-yayi 0 1 2tmmt71s*i y^r— ism 

yf-^ ioi6 h i a ^-rs^^^uf-f- 

y 3 yf-? 101 6^xyy'yi 0 1 8^0. 

r;m^)7Hfyf~y a yf^^ 1 o 2 ota* 
Tlz-ifyf-y h yf-^liWttAS^. 

a-Wl/^'yf-ya yf-^ 1 0 2 0 Srtt®^^ 

L^L=5r^A>, 7°'J y^^ifco^^x-r 

7Hfyf-yayf-7 1 0 2 0^yX 

itftVmW. (decomposer) t,Z%K)0&) ClSffi L. ZLCDT 
TV T~y? J-iiiBttr-* 1 0 2 4 St^-TS . SIR 

f-^10 2 4{i&t^^M 1 0 2 e^mmztih . 

[0103] -iC, WBftMEm^RMt JSlTuoJ: 3 £ 
£ t So ^ -V v— (Cathy) h.X^7~>4T 

yVif-^f— A'-tJiWf-f- •>* (Steve) M(7) (y^ 

•y^xar^-f-^-h^) r-^a t^cor^-^ 

h f 1 "- 9 & ffl MMBF (a , x) & ft* L t i J L V ^ 
#fflLT*3D. df-vS^-tt. 7°5-fyN'>—ffia«tBjS^ 
6 , t*i ? )77-f h 7*—^ x fc UBiffflF (a, x) £ X-r 

^ — y{z>m t>tvti,z £ <7«aftWf *«ft* £ t zmA,xx * 

>M%»fcBHLSLfciiF(a,x)*IH[t8« iv^ 

zm^xmuemzftw v&omkim^xmm? 
itztitzmmm k (f (a, x > > t »*tcgi lt« s t v ^ 

T 1^4 £ fc ^Stfc-fS . XT' 4 - Wat #ffrr-* ^ffl 
xSl>*iBSF(a > x)<7)TS:?FMT'O^M^)l{tl»£fc3& i -C- 
(^MiaSWsflr t t/W IilT(CyS^ . 
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[0 104] 
[3*2 ] 

(fl,x)— ^(a,/J(x» 
F(«,x)<-5 F'(«,£(->0) 

A" 1 

[0 10 5] ,I«90*^K^&W»F , l±X'7 l -f — W 
SQRfciHW* t>«T, 3dSc9*ftSiF' (a,E k (x))=E k (F 
(a, x) ) (±F^S«rTOIF (a, x) fcqH&jWC-rsa-^Jt&JSS 
^it£2«l#WTU& .Xf< -'JWlfcr— * x fc 
BHM6F(a,x)£ r MT j V«firV*fc*>. r-fg^j ^ 

[0 10 6] BBKF(a,x)^)Wg«ffl l «tWLTtt, WB 

(i)dr-^v— JiBf^ilkSrM^Tx^Bf^-ftL. E k (x)££ 

( i i ) 3r -v >—JiE k (x) £ 4 — 7 fciUS 

(iii) X^f 4 -^W^-^aaVHf^-fb-f-^E k (x) 

t*jttftBBBF«®a^'f-> f H ^f- zmm^-z 

( i v) X T" 4 - 'Tt ilfeSIF ' (a, E k (x) ) £ 3- ^ 

(v) t y-lift^Ik- ^M^TF' (a, E k (x) ) ^ fl^ 
U F(a.x)*»* 

[0107] ^T^^fr&Wge^&^MftS:^ 

Wteflr^fl: § fx*: -r - * * A* fc L T f * £ L . J; 0 
* £ fc ttt , f-A-ie|ftS ffl&F ' * S WSF 
fc iiM&S fc <?)t;rt& i fc § h . Fcoith 0 tF' £ 

A^jWKiWfcHM-fkSfiTV^i fc 



SKB&ffifc 7?4T> h<7)fflmt Ltffio; fc £4±jBc7) 
^ A* fc *-im& ( £iFtiH-£ To^ 

<7)&&gfrfr ( W*«a ) m«tl)S i fc £fr^ 

[0108] WBWSHftMU Hf^-^T-^^ltff-r-S.^ 
^OMifc-FM 7 ' 3&*WC* 4 A iz^X'fo & . 

i § & . * i <^ ftfz uf^-^^rsCs est. * W 

3RF' :X— Xj&nfriiTftft*^. I£BRF:X^X(± rsfci&W 

iwttJfc&^iriBj bWbtL*. mzx<o. ntimt 

ttO^H^ fc & 0 . f£S<7>k e KSlV'x e XfcM LTF(a.x) 
=Dk-i (F' (a,E k (x)))fc&£o Bf^-^^S^tg-C-fe-S 

[0109] ^e»<oa»flaR<^r7 ^ yBBRjiv^-tfi 

W3] 



■■-0*1. 



_ s 



x,eI ^^^^c a ,, 
(or,,...,^)) = +X«,Jr / ) = F' riA ^ (£ 4 (x t )) ^ * * - 



Site . F' y o . b j , • ■ -, b k c^Slfcy o SlA'Stfc^SCbi £ JTX 0 A 
tl-Cy 0 =E k (x 0 ) , bi=ai , i=l, ■ ■-, kt ~th Z\ t WTt h . 

[oi io] a«<i-5g«oj^Cfc:*<9->fcyy 



-rs^t. int., flBRs&^aaL-ctT^Ji-u^/i'S: 

[0111] Bf^b^^^m^t^^OffM'fflU^^ 

5£ (0lJi.{f HTML/XML, Microsoft WORD. Acrobat PDF& 

fc-) (^^{zm^^mx^tmm^-hzbifiX'^h. xe 

rox^fccT) Digi Paper <7)J; o Kc 1 — 7 >^—XM&tX"li. 
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tot, ±mwm-<nv-7 ytfmmmKT 
zt^mxhh. 

[oi 12] zcTyxommT^cminm^^mit. 
mwfrt>m o aj t . * LT&sotarcmRfc « < ; t 
7?^ >hm x^nyA7 h xh *) s its^e^, 

4. Digi Paper JFMT'«. h-? >14CCITT ^-T4JEE 

sue* £ ffl v a 1- y sir t l x %m £ ti & aoui jp 

Etffi»tfflv^r^5-Wfti: LTfE'ltSiu b-7 ycD 
[01 13] flULt, PftO^-^'j&^^-g. h-? 
fiSL^-r-^Pjl^^-^yxa^i^P) fcSt, If 

a x\T,<vh-7yi<7>r—~?fo mm) tLXlEftlz*: 

r— ? ycOilSiJTid(j]S.V'H«t[j] £*T$-*«(id[j). 
t[j])*C&4 . i#B^H«UiB^-X/l-L i t;Btt&#^ 
ybULifk] ( l^kglLi!) (4, ifico^-ylfti; 

8ft4k#B^-?y£>$£££^'ftt(idM.x[k).y 
[k])T*9, ££Tid(k]li»8!FP, *Ltx(k);&tfy 
[k] Ji^— iSfaCDmCD (k-l) # @ CO b — 7 ^ffcfoS 1 A> c?)x 
JfflRtXyflffltofIT**. Miff, 13 1 1 KStf 1 
^•Sr#X.S„ >IOjt^^l — tyW^WI (x. yffi 
KSrfflv^) filf-7";^fiimil 2MH1 3 

[0 1 14] TfEO»&W&»^- h* Render (D)(4. 

a - b' (cts v vc . x 0 , y 0 «;tt<3x&K5.tfyJ£ff 

Lookup (T, id (k])f4 N SWT&t/r- 

- ? ynsim d [k] j6i» a* s tih t m^mwmznm 
•thffimvwv—tymmzmhyfjv—^yx'fo 

<0 s Draw (x , y , t) (4f5B (x , y) X' b >"H«t £ ffi < "9" 



[0115] 
Render{D) 



{ 



Load T into memory 
fori = 1 to P do 
{ 

Load Li into memory 
y = yo 

fork=ltolUdo 



{ 



x = x + x[k] 

y = y + y[k] 

t = Loofcup(T,id[k]) 

Draw(x,y,t) 



} 

[0116] mmcomm^fmxmzmmzfrh x o 

[0117] x^—vy7~_ 

xy~Vy?3£Ml±x'=ax, y'=byt^oBfrt>%:*). i 
iT'aSVb{4-?-fL-rix xJStMSVy^M^^*T*^ . X 
ir- U VXf4. ^X}4EPfiiJfflfJ££ 'J 1M X 

[0 118] pug. 
W5] 



t?&6 0 ^o^J&«, ^— >?iflifft*i5i*s3-a-*B8t:^j?Ta&-5. 



[oi i 9] ^ >^&. 



LTx=ax+by+e, 



y=cx+dy+fc7)^tr t h i>C0Xhh „ 



[0120] ^^a^Bi^^5t. HIJ-kiH&WBt^Ht 
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(4, D(R'(E(x)))=R(D(E(x)))^B8fl5*afc-t. 5^ E 

ii"f#flflarc, D{iEcD^ft<?3is^RBBc-cab-6. e(x)#* 

[0121] Bt^fc*^SI±HRfc:» (i) W5r* y-fe- 
i/com * D T 2tb I. * •/ -fe - S/X^-XX s ( i i ) "TSBfrBt 

y. (uv-timzmnM&Tfohmx^-xK, warn 
iMmw^m^mm ■. k x x^y, (v> ttm±^^w 

%«MifcD:KXY^X, ti^fcS^KSowMS 
^tk6Kft(ClH#<7)itk-i eK***»5. £*L 
J: 0 , Hf^-ltMScEk =E (k , ) : X^Y&Wg-fWiScD k _ j =D 
(k- 1 , ) : Y^X{4 . y -fc- S-'x e X45tD h _ x = (E k (x) ) =x 

[0 12 2] icoid(cS«§^Hf^-fL^^^<^ 

& 2 -p© nj^^n (commutative semigroups) tt ft*© keK XtfffijS© 
x, x'eX fcfcfLT E k (x+x , )=E k (x)©E k (x')-C**J, ifcJI^P :yfe--5? x 

y ^©e yer-Ekfflk-jfyj+Di.iiy)) tUTiywt:&«rac 

[0 12 5] [?f-8] 

ntifthxmmm~z&v). E k (xxx')=E k (x) ® E k (x')-e&ru ^^®j&s¥J^©^ 
[012 6] HRt. msw (atxaat) nt^«5£f4 

J4, *P#*W^y*-^fl|j^^-Cffll». it 

flu, Xit^mLXot-thT^r-^y^mizMLXM 



- 1 1 n—X'foz>i%&, ~ 0>#j*tt**#w ( ximmm > 

^TO-sTt^ktMLT. k-i#*k£t4*5r9. k#»£>cD?S 

[0123] m<v3B!M&* v&tmwuj&tw&ti 

£> £ *>\ it*etr^T-{4Bf ^MitE k *^£W b-ti 

[0124] jDSiW ; &-Bt-^lt^i:{4, ^ •/■fe-^X^. 
-XXat^«^^XhX'<-XY^SSll5SfHj«J&$- 

W7] 



iior^-r A ^5r*»(ci oT4 1 S U x^ ^jf^S-tf 
£ J: 3 1 , r- ^ co^^ttatAX -y -fe - ^ISiEtM L 

[0127] £X<7)^lt1j&%M&tf}%:i>C0Tfo& 
b , m^z. ^ LX ^m<r>Z b b LXfemth ' b ax 
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ffiflWrfc«teSaiftWC*« £ fc ftg#fc LTf5ft£*i 

tM&*M£Ji&CO0liifc<ZA,t>&. Mult. ExpSVEG 

[0128] mUBf-^CMultXi^WBf^t^-C'^ 
9 , &I.Mn>Ol:MLTX=Y=Z 11 = {0.1,-n-l} T'S) 
S . Sa£fflV Vt* -/-fe— ^xc7)Bf^-fti(i:y=E a (x)=ax(mod 

n) T* 9 , HaftfflUfc;* -y ■fe-> ? y^fI-f-(ix=D a (y)=a 
-iy(mod n)T'*9. ^a 'li^ya-nn^Itt 

[oi29] mmmmm^(Exp)i±Mwm§^x% 9 . 

iieJ6©J;5a:*TJi?±;H»3EcQ ElGamal 



ffs^^j&Tug e west lt , wirwm&xmm®. 

s (x)=g*(mod P )fcLT5g*i£*u ^IWati^RBRD* 
(y)=log g y(mod (H))tU£i§W„ 
[0130] ^WWWElGamalHf^(EG){i. ffiftHSPf 
•f-S:ElGamalBf^-t:ffi5ILTi3 9 . ElGamalBf -^ftSpSpp 

P (fcS«tSCP&CMLTZp= {1,-P-1} ) TftO, gtiSt 

Ife e Z% _ ! Tfc 0 . &MttH9lti* a =g* (mod p) e ZpT'fc 
0. Bt-^ftEof (x,r)ttHKfc^3*l*SL»reZVifc 
ficfft"S„ Stf*>. Ea(x,r) = (g^(mod p),xo;i(mod p)) = 

JiDcs (s,t)=t(sa)- 1 (mod p)T"fcS<, 
[0131] 
W9] 



E a (x. r) © E a <x\ r) = (s. t) © (s. t') = (s. t It') =E a (x+x' (mod p).r) 



^fc^n^i^trji ib p j m X- % z> . 

[0132] ;t#^r h- I >^- J r-7(0karaoto-Uchiyama)Hf 
#(0U) 

r-fc^^r?te. T.;t#^h&lXS.^Hr?cD"A 
New Public-Key Cryptosystem as Secure as Factorin 
g" (Eurocrypt' 98, Lecture Notes in ComputerScience 
1403 , 308-318, 1998) fctJWt, I^M&QMHMftte 

wmxh h<r>hn ta^mtm^ ^x-$> h o . loox-fc 

SkUOh'-y b«a*>2^CO±§^Hi!cp. q£3HRU n 
=P 2 qfc-fS« gp=gP" 1 (raod P 2 )OfiiC3&ip^S ± 0 (C. 
geZ^^^yrAtjMJK^S. h=g"(mod n)fc^S. 0U 

tf^SM"* id**^ (l,-2f-i > T«22r< ) *-£z% 
T£>9. Bf^-r^fX r-X^-XYiiZnffc^o ^--if't 

mimm<Dn (p, q> * . ^ «y *-^x e x* 

* . SLifcr e z n £— *fcaHf«- £ . ^S fc , iWfk 

^•yfe-^tiy=E (njg:h;k) (x,r)=g«h^(mod n)i;&S 0 

Bff^ft^-yfc-^ytaW&tli, r *liCJ MifcL:r 
-*r\ L(x) = (x-l) P -i(mod P 2 )ftffll^„ iS^K HiZ* 
p2 Op-Sylow¥3rC*9. Wh. T= {xeZ% 2 :x = l(mod 

p) i "C$>&. BBRLtfflWt«^. fI^-TOix=D 
p, q (y)=L(yP-i (mod P 2))L(g p )-i(mod P 2 S . 

[0133] WtV^jBffiBW^ftdS^Ct, Bf^ftS^W 



£. 4^, #JaSiWBt^b^^^JaaiB»^L^ft 
\i, mmmm^ExpRVizm^M-m^ktts (rsa 

=3r fc" ) coismz i. o T Jni£fl9Bi^ftfiN*W* 1 5 . 
[0134] tffificD J; 3 ^C«^ftftfItt»IR^*^ 
fc LT«tW-«, SMJ'Wfciiiff^ffcS^-r-^Sfflv^ 

[0 13 5] h-^>-^-Xcr)^*OWcM-l.fc. h- 
77Hi (#^-^'HH(:-->& 1 ^>-X*^ffifiE 

§ ft h tztb . Sftra^fitf- ://n.i fl> a >"f £■ 

fftSWtfflKJf-m'itijWi £ fc ftSEW- 
-6. SWl± s *t(id(J),t[j))(j-l,-iT|) comt. 

t??£h^b*w&th« •v l zmm^tt%tix^h<r>\±^ 

Y—9 MKJlHF-id*^^. ^tiS fc Trt^JB h - 
^ yHffetftig^. ffiWVmW f)V~ f-yLookup-ca 

h — ^ ^BfScoflg . X(iM^r fc v ^ 3 

ZLbtiZk K) , 1185? fc * <0 h - ^ >mm. fc <0 ISI<7)o53r** 

* Bt^-ft^ s z fc £ j: o x fjt*«« $> -g. h - 7 >mm- 
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4U^ Zcozb^mxhh. ^-<<7)*ft 

m ^co> u -r v x h u y 7 h & h 4m teh £ & 3tt 
[0136] j; *)immzi±, mniRtsztiizT?*; 

(1) f£SOBf^ti8giJ^E k (id)^ML. lookup' (T' , E 
k (id))= E k (lookup (T, id) ) 

(2) rat/iookup' zh-z. i^tix ^conmmmm±?r 

[0137] Bf^fcjfcSStttU T'&VLookup' £J3TF 

XcomfflTcoM&bL. mz, id*cid (xt4i N id*= !i 
d!(id,t)eT} ) b^h. F-X-f VsiflDTft*— 

Ityvyi'jLHRi:-*-*. act. Trt«0**f(id,t)45fc:, 
*t(h(id) ,E k (t)) £T izMX-tb r b £4 *} , Bf^ftb 

^lookup ' (iTIE^T/l- rf'JXA^^. 

Lookup'(T,id) 
{ 

id' = h(id) 
t'=Lookup(r,id') 
return (O 

} 

Lookup ' coM 0 fififiHiHHt; I — ? >mi&X*fo& z b lea 
[0 13 8] £tf>SW<9lgr*HW4. tB'Kx^-X^-A 

^sonf^fUESfflv vfctr** . tw±*ff -r 4 - b 

ifiX'^h. lookup' -9" f-V-CfflUfcvvy ^j-T)V 
i><0"C*&%&. T'&V'lookup' £J|-;t tilt CTcDEfS 

[0139] fiif-7";Hi^«#xy h Uti, ftE'J 
z b 0X- § h . Hfif $B £ flHHW S 14 , 77^y^ 



(4. jcmsMbJcmfcrnbcomcohu-vxy (ms, 

J4. r— ?>«HFPtt3I*. £BH*l»fc-*-&ftftflr9 
\,tfz. t — ?y<?>rt4-f-\j co^7~?yft^MTfo&* Z 

corns, ztL^comm^m^-iti-hfzMzmzm&m 

Kb, mx'i> tiHHiMSM=p<7>ft&m&&n# v>h x-% . 
mwi^x-hh^y^ywm^mmmx^xLto^h 

•OffiUJt <=5r-oT L4 d . mmX9J±McVM 
fi!c{i; 1 — ^ y<-X<7)3t»<50^tt BMW 1 oTft 5 

[0140] Liiww-fW-sfcfti^asifirfiiaHiiiBK 
vat ^-ouw i 3 tae*iw^wf«!<?5 fcotas?^* . Li 

^CD#X>- F 'J (id,x,y)tt(C, (id,E k (x) ,E k (y» SL' d 
fcfltV*-*. «WFF^)lit^ftfc*fiSrc***^tt. (E 
k (id) ,E k (x) , E k (y) ) CO X 0 tt^y V V SrfeB'r -7")VL' 
^zWX-thZbifX^h* LfrL&ifih* ZcomS. 

nmmmr f y t (E k (id) , E k (t) ) t^x.^^ 

S^ftO. W&Wty )V— ^->Lookup' i> , Z\co^W.$: 

[0141] mmco v-9 y^-y^xMcom^mm 
mtitm^x . mmmmcomizxmoay^ yy hmm 

•t&z\b&X*%&„ Draw' (x,y,t)^\COi§^itiM^>M:^ 

[0142] 
1 ] 
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Render(D) 
{ 

Load T into memory 

fori = 1 to I* do 
{ 

Load Li into memory 

x = Et(xo) 

y = EkCy 0 ) 

fork = 1 to (LI do 

{ 

x = x© sc[k] 

y = y©y[k] 

t = Lookup'(T'4d[k]) 

Draw'(x,y,t) 

} 

} 

} 

Draw'(x,y,t) 

{ 

s = Dt.i(x) 

y=Dk-i(y) 

t = Dt-i(t) 
Draw(x,y,i) 

} 

\± , mmmf v-? ymmnm mi±^x m^t § tin t 

[0143] *%B^c7)ffio||St^KgT1i. li^ayfy 

#ft« nmmmximxi±w^r?> z fc #"t-# «. <± a 



[0144] IBf&fWi. Tv^y^yyzm&WO^m 

wiztt Lxn. y- v^m^h%m\us^jmm\m. 

=Fm&m' ^w'=T(w,s)^oT4zfiSc^-^, 0 |sH^>32#|T 
£JHV\ ffi«Uy-Xlf#S'^S'=T(S,s)K#oT4i 

jr-t s c 1 *> s . z comx'ii. , «s&flar^«o u * 

[0145] MnSiFor example), ffiS^WM^ 

t , jl— tra**— f cvm^mwx'\m>h z t a*-cs 

Slit 0 . 'ffMi. 0 5 i?4Wf ttTff *iX V * s . 
[0146] ±CDK^CDt^.X h ^if^(juabling)^ 

nLXT&mZ*£&ZbX*foh. BMtrtf5#jt i Ki(x.y) 

— tf yX7-J±frt>CDy- H (a, b) SfflWCfHSffr*- & i: 

fSWtCOVn-CX=x/a 
[0147] £<Z>W(C*JVvc, S4ffl7T'J^-yg> 

h (cja, m-htmzx? y y-fiv vx \ vb^wax-^- 

9 izm^t & liZli , jl— |f (JO^gtfOffi^ £ IBfSlC L =Sr 
c^itH^S^ . Oj^- F (a,b) Srffl^TlfflS'ft 

MtttCOV^TY=log b (Y) (log b i4Sb^*t--?»Wl!c) 

[0148] sifflrry ^-^ a y«i$^t 

Y)=(x/a,b^)fc:J:-3T4-i.fe*i.*. *LT. '^ffiSr^ 
KtfXffi«& iSffl L , (X , Y) = ( log b ( Y) , aX) = (x, y) fc ~t 

izm^tih, mimmmkcoM^izm^x , uv-x 
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rry ^-y 3 yti le-tsit^ti.^^xT-A^rjy^^ 
[0149] -miz, mMummxiZBm&itmT 

7W n a n «&ieM^^ffl^^-ti:Tffl^, Iff 
[0150] «SS<ffctt-ftfc, ia^BltX{J:MiS*iF^tc 

fcttzm^xwrn^tiz . ssRfcSfu. u y-xw 

x r A c7) 3 y r- y x F iz X -3 T iitft § ft £ 'If W & ffl 
[0151] JL-nf*t«^#fHhtllA't*IKfc:. 

Srfflv^T, iHSft*F#«%RtfiHSfl: U y 
( IMkyXfA r? >"r ? * F £ nftiUS -I fc $> & ) 

6 , ?£f^t«^«l^&V«lM^xx a ^ yfni 

x{±»fg^ | jy-x«fg^j--iPfcffi«^-^„ * 

S6W<^ £ e5*N0eJB<Of^MT(4 WC* * . — jft tz . 

igts^m^^svw^^xxA ayfni^, 

[0152] *^^ : F*f^«0*jat*rffi(i3o^)^'r 

u y-^flWR^iesMkj^ct^w*. leass^wwt^ 



[0153] ssi&fw^rf^ftw^je^i, 01 4 1 

BMUT^Sft*. S^tf^l 4 l oii, tf3>f 
y— ^flWRfD-t-y htZSti. nTmmal 4 10ii3 

y^yyigiS'fbi 4 2 o<wm&%n. c\^mmzau 

XVrF^y^yyZWmfcLX 'J y-^flBBtfit#L. 
BSHfc^FaFft* 14 2 2 ^^-r^, . r? v^f yv%m 
ltl4 2 0^. H9fcMjiLT^-rJ;a(^t5C:i:^ 

-7» F^SBfg-ftL^r^rfc^iL^o L^L^' 
^ £ v K -3 ti*7M&M T 7 V y- >- a 

m^tttizm lx i> mmx-s, h . 

[0154] 'J V— ^ftffi 141211 ffi^^l 4 

1 ofcRBrrs y y-xit#^-t 7 i^^<hi 

yxfA'j y-X7r'(;H4 1 4(c3t°-ts;j;(: 
**i*»^>, yy-^is-fki 4 1 6Hfe 

HTWA'J y— ^ 14 14 frIH&ffcU iffK-fti^X 

fAyy-xi4 24i;t§. rj y^r^ylgiS'ft.avy 

#IBlS-fb^ii, ^- F^j&ita 14 2 6K±-)T 
^^ft^^fS^^-F 1 4 1 8£ffl^£,T2:# s #f£L 

A^^^oia^rco'fpg^s-^v >tus„ 
[0155] «sisfl:^-i<^istt»*v^<oiweffl , t 

£ ^- F^^B^ffl v h o *S^Wlt 
WiH^I-ft ^- F ft ^-TS . r O^r. iBK^bJOT* 5 

x . y^j±co^m*w®'mmcDmmzM* itz^m 

[0156] ffiffl-TI. £ i: W§ SfteWv-- F^^B 
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tr. mimmm-ik^mmm^tf. im^^mmz 

[oi57] iHSfts"- K^tfaats^fflaifcBijts 
flavor jl— «f tcasa*-* c: fc 

^rffilROftfiffi'ffiy-X^. ^H^ff Jj? 5 , 6 2 9,9 
8 o ^-(ctBtt<7) J: 3 ^ y5 -f vfW 'J h U k -t& 

^- f . 

CO 1 5 8] 4E)»£M^-F^fflV^Jl^, fl^ 

[0159] m^mim^&Mmiyx'r Axtiiss 

«y-itfflv^. i^aaBraB-cii, n^#i^ 
mm/ y v -xc7)ffi$g t it^^^x y ^ya^BSHb 

y- F^^aSrS^fflTT 'J^-yg yXtiSPRiSS 

t/mmt,z , *&sg« yxfA x(i^Bo»w«sscs^ 

wr^jfrSfufc^- F*ttVvt*F#fNHiatf U V-X 
fulfill fclHSffc*- 4. n^FKIIBti. M^H'yXfA^D 

comm* k'#> t4tH. ifre^KSg^x tvr^g^b 

<7)^XxAffi)& (Wh, W&) HIf^^ttn.y? 
S*x4„ imTMWiM. *LT*RWfc:*tf>WB 
WW* (SBC) li, iWIS»I^^-CUS. Mft> 

k m^WX'fo& Z. k ZMM I/O** . 



[0160] fflroWCKBBLfci: 3 fc. iBgfcOg9S<9 

ifffwf-^avj v-xiigij^FsirjMco «t a tsas 
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SYSTEM AND METHOD FOR PROTECTION OF DIGITAL WORKS 
Inventor: Xin Wang 

Copyright Notice 

A portion of the disclosure of this patent document contains material which is 
subject to copyright protection. The copyright owner has no objection to the facsimile 
reproduction by anyone of the patent document or the patent disclosure as it appears in 
the Patent and Trademark Office file or records, but otherwise reserves all copyright 
rights whatsoever. 

Related Application 

This application is a continuation-iii-part application of application no. 
09/178,529 filed October 23, 199S. 

Field of the Invention 

This invention relates to document rights management, and more particularly, to a 
method for protecting digital works which employs format-preserving encryption that 
enables blind li^sformations. 

Background of the Invention 

One of the most important issues impeding the widespread distribution of digital 
documents or works via ciectroitic commerce is the current lack of protection of the 
intellectual property rights of content owners during the distribution and use of those 
distal documents or works. Efforts to resolve this problem have been termed 
"Intellectual Property Rights Management" ("IPRM"), "Digital Property Rights 
Management" ("DPRM"), "Intellectual Property Management" ("IPM"), "Rights 
Management" ("RM"), "Digital Rights Management" ("DRM") and '"Electronic 
Copyright Management" ("ECM"). At the core of Digital Rights Management is the 
underlying issue of ensuring that only authorized users may perform operations on digital 
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documents or works that they have acquired. Once accessed, the content must not be 
distributed or used in violation of the content owner's specification of rights, 

A document or work, as the term is used herein, is any unit of information subject 
to distribution or transfer, including but not limited to correspondence, books, magazines, 
journals, newspapers, other papers, software, photographs and other images, audio and 
video clips, and other multimedia presentations. A document may embodied in 
printed form on paper, as digital data on a storage medium, or in any other known manner 
on a variety of media. A digital work, as the term is used herein, is any document, text, 
audio, multimedia or other type of work or portion thereof maintained in a digital form 
that can be replayed or rendered using a device or a software program. 

La tlie world of printed documents, a work created by an author is usually pLOvided 
to a publisher, which formats and prints numerous copies of the work. The copies are 
then sent by a distributor to bookstores or other retail outlets, from wliicu the copies are 
purchased by end users, 

While the low quality of copying and die high cost of distributing printed material 
have served as deterrents to the illegally copying of most printed documents, it is far too 
easy to copy, modify, and redistribute unprotected electronic documents. Accordingly, 
some method of protecting electronic documents is necessary to make it harder to 
illegally copy them. This will seive as a deterrent to copying, even if it is still possible, 
for example, to make hardcopies of printed documents and duplicate them the old- 
fashioned way. 

With printed documents, there is an additional step of digitizing the document 
before it can be redistributed electronically; this serves as a deterrent. Unfortunately, it 
has been widely recognized that there is no viable way to prevent people from making 
unauthorized distributions of electronic documents within current general-purpose 
computing and communications systems such as personal computers, workstations, and 
other devices connected over local area networks (LANs), intranets* and the Internet, 
Many attempts to provide hardware-based solutions to prevent unauthorized copying have 
proven to be unsuccessful. 
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Two basic schemes have been employed to attempt to solve the document 
protection problem: secure containers (systems which rely on cryptographic mechanisms) 
and trusted systems. 

Cryptographic mechanisms eacrypt (or "encipher") documents that are then 
distributed and stored publicly, and ultimately privately decrypted by authorized users. 
Cryptographic mechanisms provide a basic form of protection during document delivery 
from a document distributor to an intended user over a public network, as well as during 
document storage on an insecure medium. Many digital rights management solutions rely 
on encrypting the digital work and distributing both the encrypted message and 
decryption key tu the consumers system. While different schemes are employed to hide 
the decryption key from the consumer, the fact remains that all necessary information is 
available for a malicious user to defeat the protection of the digital work. Considering 
that current general-purpose computers and consumer operating systems provide little in 
the way of sophisticated security mechanisms, the threat is both real and obvious. 

A "secure container** (or simply an encrypted document) offers a way to keep 
document contents encrypted until a set of authorization conditions are met and some 
copyright terms are honored (e.g., payment for use). After the various conditions and 
terms are verified with the document provider, the document is released to the user in 
clear form. Commercial products such as IBM's Crypto lopos and InterTrust's Oigiboxes 
fall into this category. Clearly, the secure container approach provides a solution to 
protecting the document during delivery over insecure channels, but does not provide any 
mechanism to preveut legitimate users from obtaining the clear document and then using 
and redistributing it in violation of content owners' intellectual propeity. 

Cryptographic mechanisms and secure containers focus on protecting the digital 
work as it is being transferred to the authorized user/purchaser. However, a digital work 
must be protected throughout its use from malicious users and malicious software 
programs. Even if a user is a trusted individual, the user's system may be susceptible to 
attack. A significant problem facing electronic commerce for digital works is ensuring 
that the work is protected on the target consumer's device. If the protection for the digital 
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work is compromised, valuable and sensitive ^formation is lost. To complicate matters, 
today's general-purpose computers and consumer operating systems are deficient in the 
areas of security and integrity. Protecting the work throughout usage is a much more 
complex issue that remains largely unsolved. 

In the "trusted system" approach, the entire system is responsible for preventing 
unauthorized use and distribution of the document. Building a trusted system usually 
entails introducing new hardware such as a secure processor, secure storage and secure 
rendering devices. This also requires that all software applications that run on trusted 
systeins be certified to be trusted. While building tampei proof trusted systems is still a 
real challenge to existing technologies, current market trends suggest that open and 
untrusted systems such as PC's and workstations will be the dominant systems used to 
access copyrighted documents. In this sense, existing computing environments such as 
PC s and workstations equipped with popular operating systems (e.g., Windows and 
UNIX) and render applications (e.g>, Microsoft Word) are not trusted systems and cannot 
be made trusted without significantly altering their architectures. 

Accordingly, although certain trusted components can be deployed, users must 
continue to rely upon various unknown and untrusted elements and systems. On such 
systems, even if they are expected to be secure, unanticipated bugs and weaknesses are 
frequently found and exploited. 

Conventional symmetric and asymmetric encryption methods treat messages to be 
encrypted as basically binary strings. Applying conventional encryption methods to 
documents has some drawbacks. Documents are typically relatively long messages; 
encrypting long messages can have a significant impact ou the performance of any 
application that needs to decrypt the document prior to use. More importantly, 
documents are formatted messages that rely on appropriate rendering applications to 
display, play, print and even edit them. Since encrypting a document generally destroys 
formatting information, most rendering applications require the document be decrypted 
into clear form before rendering it. Decryption prior to rendering opens the possibility of 
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disclosing the document in the clear after the decryption step to anyone who wants to 
intercept it. 

There are a number of issues in rights management: authentication, authorization, 
accounting, payment and financial clearing, rights specification, rights verification, rights 
enforcement, and document protection. Document protection is a particularly important 
issue. After a user has honored the rights of the content owner and has been permitted to 
perform a particular operation with a document (e.g., print it, view it on-screen, play the 
music, or execute the software), the document is presumably in-the-clear, or unencrypted. 
Simply stated, the document protection problem is to pievent the coutent owner* s rights 
from being compromised when the document is in its most vulnerable state: stored, in the 
clear, on a machine within the user's control. 

Even when a document is securely delivered {typically in encrypted form) from a 
distributor to the user, it must be rendered to a presentation data form before the user can 
view or otherwise manipulate the document. Accordingly, to achieve the highest level of 
protection, it is important to piotect the document contents as much as possible, while 
revealing them to the user at a late stage and in a foim that is difficult to recover into a 
useful form. 

In the known approaches to electronic document distribution that employ 
encryption, an encrypted document is rendered in seveial separate steps. First, the 
enciypted document is received by the user. Second, the user employs his private key (in 
a public key cryptosystem) to decrypt the data and derive the document's clear content 
Finally, the clear content is then passed on to a rendering application, which translates the 
computer-readable document into the finished document, either for viewing on the user's 
computer screen or for printing a hardcopy. The clear content is required for rendering 
because, in most cases, the rendering application is a third-party product (such as 
Microsoft Word or Adobe Acrobat Reader) that requires the input document to be in a 
specific format It should be appreciated, then, that between the second and third steps, 
die previously protected document is vulnerable. It has been decrypted, but is still stored 
in clear electronic form on the user's computer. If the user is careless or is otherwise 
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motivated to minimize fees, the document may be easily redistributed without acquiring 
the necessary permissions from the content owner. 

While no system is completely spoof proof or immune to attack, some recent 
techniques protect digital works by limiting use of the digital work to a user-specified 
physical device. These techniques require the user to provide private i Jiformation or 
system state information from the system or physical device the user intends to use to 
render the digital work. System state information is typically defined as system 
configuration information such as system parameters, CPU identifier, device identifiers, 
NIC identifiers, drive configuration, etc. In these techniques, the digital content is 
encrypted using a session kcy t then the session key, rather than using the user is encryption 
key, is encrypted using a combination of the system or state information and the user's 
credentials. Then both the encrypted content and key are transmitted to the destination 
repository. In order to use the received encrypted work, the user must contact a trusted 
authorizing entity (usually a remotely located software program) which verifies the user's 
identity and credentials, then together with system state, decrypts the session key and 
finally decrypts the content for use* 

Commercial applications such as the secure Adobe Acrobat reader and the secure 
Microsoft MediaPlayer validate usage of the digital work by checking a license voucher 
for the appropriate user credentials and usage rights. Among the user credentials are 
system device identifiers such as the CPU identifier or certain device serial numbcis. At 
the time the user invokes an operation on the digital work, the application verifies if the 
specified device is present. This provides assurance that the digital work has not been 
transmitted to an unauthorized user (actually to an unauthorized device). While the 
programmatic check provides a ininimal level of assurance, it depends on the security of 
the secret, which resides on the user's device. Not only can the decryption key be 
violated, but also the device identifiers themselves are particularly susceptible to the 
threat of spoofing. 

The Acrobat Reader and MediaPlayer protection schemes operate by allowing the 
rendering application to identify required devices on the user system as specified in the 
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license voucher issued for the digital work. This provides a level of protection adequate 
in many circumstances (i.e., if the user is trusted and die user's specified rendering device 
is not susceptible to attack). The weakness of the schemes is that it is based on the 
assumption that neither the protection of the ciyptographic key nor the integrity of the 
license voucher will be compromised 

These techniques are really more of an authentication teciinique than a protection 
technique, in that once the user's identity and credential information, system state 
information is verified or license voucher received, the content is decrypted to its clear 
state and then becomes vulnerable to attack. The digital work is afforded no protection 
throughout usage. Further, the user information approach is problematic in that it 
assumes the user will be sufficiently deterred from passing along his/her personal 
information. In other words, for the user information approach to succeed there must be 
severe consequences for users who would reveal their private identity and credential 
information. 

A significant drawback to the schemes which Lie authorization a specific device is 
that they require the user to divulge sensitive information (e.g., CPU number or other 
personal information) which raises a concern regarding privacy issues. While the user 
divulges the information voluntarily (the user's only option if he/she does not wish to 
divulge this information is hot to receive the digital work) it would be desirable to 
provide a protection scheme that could secure a digital work on a user's device without 
requiring private information. It would also be desirable to provide a DRM solution 
which does not rely on the protection of the cryptographic key or the integrity of the 
license voucher. It would be desirable to provide a DRM solution which delayed 
decryption of the digital content to the latest possible moment. 

Accordingly, it would bo beneficial to provide an electronic document distribution 
scheme that minimi/as the disadvantages of known systems. Such a scheme would 
prevent users from obtaining a useful form of an electronically-distributed document 
during the decryption and rendering processes. 
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Summary of the Invention 

A self-protecting document ("SPD"), according to the invention, is not subject to 
the above-stated disadvantages of the prior art. By combining an encrypted document 
with a set of permissions and an executable code segment that includes most of the 
software necessary to extract and use the encrypted document, the self-protecting 
document accomplishes protection of document contents without the need for additional 
hardware and software. 

The SPD system is broken down between a content creator (analogous to the 
author and the publisher of the traditional model) and a content distributor. The 
author/publisher creates the original document, and decides what rights are to be 
permitted. The distributor then customizes the document for use by various users* 
ensuring via the customization that the users do not exceed the permissions they 
purchased. 

At the user's system, the self-protecting document is decrypted at the last possible 
moment In an embodiment of the invention, various rendering facilities are also 
provided within the SPD, so that the use of the SPD need not rely upon external 
application that niisbt not be txustwoithy (and that might invite unauthorized use). In an 
alternative embodiment, interfaces and protocols are specified for a third-party rendering 
application to interact with the SPD to provide trusted rendering* 

In one embodiment of the invention, the encrypted document is decrypted by the 
user's system while simultaneously "polarizing" it with a key that is dependent, at least in 
part, on the state of the user's system. The polarization may be ciyptugraphically less 
secure than the encryption used for distribution, but serves to deter casual copying. In 
this embodiment, depolarization is performed during or after the rendering process, so as 
to cause any intermediate form of the document io be essentially unusable. 

In another embodiment of the invention, a method of protecting a digital work 
uses a blind transformation function to transform an encrypted digital work into encrypted 
presentation data. The originator's digital content is protected in its original form by not 
being decrypted. This method enables the rendering or replay application to process the 
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encrypted document into encrypted presentation data without decrypting it firsL 
Encrypted presentation data is then decrypted just before it is displayed to the user. This 
method improves the overall performance of the process (both decryption and rendering) 
by miriimizing the decryption overhead (since pre-rendering decryption is generally more 
time and resource consuming) and postponing the decryption to a late stage of the 
rendering process. 

Blind transformation or blind computing can be accomplished io one of several 
ways. Most digital works include formatting information, which when encrypted cannot 
be processed by the replay or rendering application (the transformation function which 
transforms a digital work into presentation data). If the digital work is encrypted with a 
format preserving encryption scheme, any transformation function may be used- This is 
particularly useful in that any commercial replay or rendering application can process the 
encrypted digital work into encrypted presentation data. Otherwise, the blind 
transformation function is a function of the original transformation function. For 
example, the blind transformation function may be a polynomial of the original 
transformation function. Alternatively, both the blind transformatioji function and the 
original transformation function may be any multivariate, integer coefficient aftinc 
function. 

Not all encryption schemes are format preservjiig encryption schemes. Additive 
encryption schemes may be used with all document types and all associated 
transformation functions. In some replay or render applications, for some types of 
documents, portions of the format information may be left in the clear. In other types of 
documents all of the format irrformation may be encrypted. In some types of documents, 
an additive encryption scheme may be used to encrypt the format rnformation and any 
encryption scheme may be used to encrypt the content or data portion of the document. 

Tn particular, additive encryption schemes can be used to encrypt coordinate 
information of documents so that some rendering transformations can be performed on 
the encrypted coordinate data. In a special class of documents, token-based documents, 
for example, there are two places during the format-preserving encryption that use 
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encryption schemes: one is for coordinate or location information x and y of the particular 
tokens within the document, and the other is for the dictionary of individual token 
images. In order to perform blind transformation on the individual coordinates of the 
particular tokens in the document, the first encryption scheme must be an additive 
encryption scheme. However, the token dictionary may be encrypted with any encryption 
scheme. 

An encrypted token dictionary may still leak information such as the sizes of the 
token images. If this is a concern (such as if the token dictionary is small), the tokens can 
be padded with some extra bits before encryption. The padding can result in encrypted 
token images of a same size or several fixed si/.cs. For a token-based document, the 
coordinate information of the tokens in the dictionary may not be encoded. If it is desixed 
that coordinate information be encoded, say, as Huffman codewords, the same approach 
that is used to encrypt the identifiers can be used to deal with this situation. Basically, the 
codewords in location tables are left in the clear, and the codewords in the codeword 
dictionary are hashed using some one-way hash function and their corresponding 
coordinate information is encrypted. Dining rendering the codewords in the location 
tables are first hashed and then used to lookup their encrypted coordinate information. 

In another embodiment of the invention, a digital work and a system context (or 
resource information or system resource) are polarized enabling trusted rendering or 
replay of the digital work without depolarization of the digital content. In this 
embodiment the digital work is of the type which includes digital content and resource 
information. Resource information may include information used by a replay application 
to format or process the digital work into pLesentation data. Resource information may 
include, for example, a col lection of system resources available to the replay software on 
a particular system, such as the Font Table, Color Palette, System Coordinates and 
Volume Setting. 

Different types of digital works may be polarized. In addition to polarizing 
typical document type digital works, audio and video digital works can be polarized. The 
digital work and system context are usually polarized at a manufacturer or content 
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owner's location using a polarization engine. A polarization engine is a component used 
to transform the digital work and system context to their respective polarized forms, llie 
polarization engine employs a polarization scheme which relies on some polarization 
seed, an element used to initialize and customize the polarization engine. 

Various polarization schemes may be used to polarize a digital work. For 
example, a stateless polarization employs a random number as a seed to transform a 
digital work into a polarized digital work. A state-based polarization scheme employs a 
seed based on a system state or characteristic of a system to transform a digital work into 
a polarized digital work that is associated with that system state or characteristic. A 
dynamic state based polarization scheme employs a seed based on a dynamic system state 
or characteristic to transform a digital work into a polarized digital work la this 
embodiment, the polarized digital work will typically be provided with a polarization 
engine for repolarizing the encoded digital work and the encoded system context 
according to the dynamic state-based polarization scheme each time the system requests 
replay of the digital work. An authorization -based polarization scheme employs a seed 
based on authorization information received from a trusted source to transform a digital 
work into a polarized digital work. For further security, the polari/ed system context can 
be stored separately from the polarized digital work in a removable context device, which 
must be coupled to the system prior to use of the digital work. 

Preferably the polarization seed contains information which can be used to tie the 
particular digital work to the ultimate end user or an ultimate end user system* Typically 
the owner or distributor will select the type of polarization scheme to be used in 
polarizing the digital work and the type of polarization key to use depending on the value 
of the digital work. Like encryption schemes, polarization schemes come in different 
levels of complexity and strength. When a digital work is ordered, a copy of a portion of 
the digital work's resource information, called the system context, is made. The 
polarization seed is selected and both the digital work and the system context are 
polarized. A different: polarization scheme may be us^d for the system context than is 
used for the digital work. However the polarization seed is the same for both. The 
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polarized digital work and polarized system context are then provided to the user for 
replay or rendering on a replay or rendering system. 

in The format preserving encryption and trusted rendering embodiment of the 
invention, protection is provided until the encrypted presentation data must be decrypted 
into clear presentation data. In this embodiment of the invention, the replay application 
uses the polarized resource information to transform a polarized digital work into clear 
presentation data. 

If only the digital content of a digital work is polarized, leaving the resource 
information tin polarized or in the clear T the replay application will be able to process the 
polarized digital work into polarized presentation data. This means a depolarizer must 
depolarize the presentation data into clear presentation data suitable for viewing or use by 
the user. If a portion of a digital work's resource information is also polarized 
accordingly, when the replay application transforms the polarized digital work, the replay 
application uses the polarized system resource information to transform the polarized 
digital work into clear presentation data. All or just a portion of the required resource 
informadon may be polarized. The replay is blind in that the replay application does not 
see the original, unpolari^ed digital content. 

In this embodiment, a polarized digital work is transformed by the replay 
application using a polarized system context (resource information) to create clear 
presentation data; the replay application can be any commercial or third party application. 
The replay application need not be customized to depolarize the presentation data and no 
depolarizer engine is required. The replay application operates as a blind replay system 
(it processes polarized digital content using polarized system resources) and relies on a 
type of polarization which transforms or encodes the digital work such that the ability to 
replay it using a software program or device is tied to a specific resource information, 
thus protecting the content throughout use. 

Unlike systems which employ encryption to protect the digital work and 
eventually decrypt the digital work into its clear foim before the digital work is provided 
to the replay application, the blind replay system keeps the digital work encoded in the 
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polarized form (there is ao explicit decoding step in the blind reply) until the last possible 
moment of the replay process. In the blind replay system, the polarized digital work itself 
is never depolarized in the clear. Since presentation data is generally of a lesser quality 
than the original digital work, even if the presentation data is captured in its clear form, it 
cannot be easily (if at all) transformed back into the original digital work. 

Many different types of digital works and their resource iidormation may be 
polarized and replayed in a blind replay system. Digital works such as documents, text, 
audio files, graphics files and video files may be replayed in the blind replay system of 
the invention by polarization of an appropriate resource information. 

Brief Description of the Drawings 

The structure and function of the invention is best understood with reference to 
the included drawings, which may be described as follows: 

FIGURE 1 is a top-level block diagram representing a model for the creation and 
commercial distribution of electronic documents in either secure or insecure 
environments; 

FIGURE 2 is a flow diagram illustrating the decryption of protected electronic 
documents according to the art; 

FIGURE 3 is a flow diagram illustrating the decryption of protected electronic 
documents according to a simple embodiment of the invention; 

FIGURE 4 is a flow diagram illustrating the decryption of protected electronic 
documents according to a preferred embodiment of the invention; 

FIGURE 5 is a functional block diagram illustrating the data structures present in 
a self-protecting document according to an embodiment of the invention; 

FTGU RE G is a flow diagram illustrating the creation and customization of a self- 
protecting document according to an embodiment of the invention; 

FIGURE 7 is a flow diagram* from a user's perspective, illustrating the actions 
performed in handling and using a self-protecting document according to the invention; 

FIGURE & is a graph illustrating several possible paths between an uniendered 
and encrypted document, and rendered and decrypted presentation dUta; 
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FIGURE 9 is a flow diagram illustrating a polarization process according to the 
invention in which document format information remains in the clear for rendering. 

FIGURE 10 is a block diagram of a method of format preserving encryption and 
trusted rendering according to the invention; 

FIGURE 11 is a simple example of a document to be tokenized; 

FIGURE 12 is the token dictionary for the document of Fig. 1 1; 

FIGURE 13 is the location table for tire document of Fig. 11; 

FIGURE 14 is a block diagram Ulustratiiig a process for generating a polarized 
digital work and polarized system resource according to the invention; 

FIGURE 15 is a block diagram illustrating the conversion of a digital work into 
image data according to the art; 

FIGURE 16 is a block diagram illustrating a system for blind replay of a polarized 
digital work according to the invention; 

FIGURE 17 is a block diagram illustrating another system of blind replay of a 
polarized digital woik according to the invention; 

FIGURE 18 is a block diagram of an example structure of a digital document; 

FIGURE iy is an example digital document; 

FIGURE 20 is an example of the digital document of Fig. 16 after it has been 
polarized; 

FIGURE 21 is block diagram of an example structure of a resource information or 

system context for a digital document; 

FIGURE 22 is a block diagram of an example font table; and 

FIGURE 23 is block diagram of the font table of Fig. 22 after it has been 

polanVx^d. 

Detailed Description of the Preferred Embodiments 
The invention is described below, with reference to detailed illustrative 
embodiments. It will be apparent that the invention can be embodied in a wide variety of 
forms, some of which may be quite different from those of the disclosed embodiments. 
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Consequently, the specific structural and functional details disclosed herein are merely 
representative and do not limit the scope of the invention. 

Figure 1 represents a top-level functional model for a system for the electronic 
distribution of documents, which as defined above, may include correspondence, books, 
magazines, journals, newspapers, other papers, software, audio and video clips, and other 
multimedia presentations . 

An author (or publisher) 130 creates a document's original content 112 and passes 
it to a distributor 1 14 for distribution. Although it is contemplated that the author may 
also distribute documents directly, without involving another party as a distributor, the 
division of labor set forth in Figure 1 is more efficient as it allows the author/publisher 
1 10 to concentrate on content creation, and not the mechanical and mundane functions 
taken over by the distributor 1 14. Moreover, such a breakdown would allow the 
distributor 114 to realize economies of scale by associating with a number of authors and 
publishers (including the illustrated author/publisher 110). 

The distributor 1 14 then passes modified content 1 16 to a user 118. In a typical 
electronic distribution model, the modified content 116 represents an encrypted version of 
the original content 1 12; the distributor 1 14 enciypts the original content 112 with the 
user 1 18' s public key, and modified content 1 16 is customized solely for the single user 
11S. The user 1 18 is then able to use his private key to decrypt the modified content 116 
and view the original content 112. 

A payment 120 for the content 1 12 is passed from the user 1 18 to the distributor 
114 by way of a clearinghouse 122. The clearinghouse 122 collects requests from the 
user 1 18 and from other users who wish to view a particular document. The 
clearinghouse 122 also collects payment information, such as debit transactions, credit 
card transactions, or other known electronic payment schemes, and forwards the collected 
users* payments as a payment batch 124 la the distributor 114. Of course, it is expected 
that the clearinghouse 122 will retain a share of the user's payment 120. Li turn, the 
distributor 114 retains a portion of the payment batch 124 and forwards a payment 126 
(including roy aides) to the author and publisher 110. In one embc<iirnem of this scheme, 
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the distributor 1 14 awaits a bundle of user requests for a single document before sending 
anything out. When this is done, a single document with modified content 1 16 can be 
generated for decryption by all of the requesting users. This teciinique is well-known in 
the art. 

In the meantime, each time the user 118 requests (or uses) a document, an 
accounting message 128 is sent to an audit server 130. The audit server 130 ensures that 
each request by the user 1 18 matches with a document sent by the distributor 114; 
accounting information 131 is received by the audit server 130 directly from the 
distributor 1 14. Any inconsistencies are transmitted via a report 132 to the clearinghouse 
122, which can then adjust the payment batches 124 made to the distributor 114. This 
accounting scheme is present to reduce the possibility of fraud in this electronic document 
distribution model, as well as to handle any time-dependent usage permissions that may 
result in charges that vary, depending on the duration or other extent of use. 

The foregoing model for electronic cornmeice in documents, shown in Figure 1, is 
in common use today. As will be shown in detail below, it is equally applicable to the 
system and method set forth herein for the distribution of self-protecting documents. 

Turning now to Figure 2, the steps performed by the user 1 18 (Figure 1) in a prior 
art system for electronic document distribution are shown. As discussed above, 
cryptographic mechanisms are typically used to encipher documents. Those encrypted 
documents are then distributed and stored publicly and deciphered privately by authorized 
users. This provides a basic form of protection during document delivery from a 
document distributor to an intended user over a public network, as well as during 
document storage on an insecure medium. 

At the outset, an encrypted document 210 is received by the user 118 and passed 
to a decryption step 212. As is well known in the art, the decryption step 212 receives the 
user 118's private key, which is stored locally at the user's computer or entered by the 
user when needed. The document 210 is decrypted, resulting in clear content 216 similar 
or identical to the original content 112 (Figure 1). 



(47) 12 002-77137 ( P 2 0 0 2-7 7 1 3 7 A) 



The clear content 216 is passed to a rendering application 218, which constructs 
presentation data 220, or a usable version of the document's original content 1 12. In 
typical systems of this kind, the presentation data 220 is data immediately suitable for 
display on a video screen, for printing as a hardcopy, or for other use depending on the 
document type. 

As discussed above, the document is vulnerable in systems like this. The clear 
content 216 can be copied, stored, or passed along to other users without the knowledge 
or consent of the distributor 1 14 or the author/publisher 110. Even a legitimate user may 
be tempted to ininimb;e the licensing fees by capturing the document in the clear in order 
to redistribute and use it at will, without honoring the intellectual property of the content 
owners. As discussed above, the present Invention is directed to a scheme for preventing 
such a user from obtairiing a useful form of the document during the rendering process on 
the user's system. 

Accordingly, the system and method of the present invention sets forth an 
alternative scheme for handling encrypted documents at the user 1 1 B's system. A simple 
embodiment of this scheme is illustrated in Figure 3. 

Figure 3 looks similar to Figure 2, in that an encrypted document 3 10 is passed to 
a decryption step 312 (which uses a private key 314) and a rendering application 316, 
resulting in presentation data 318. However, an additional layer of protection is provided 
by a protecting shell 320. The protecting shell 320 allows the document 310 to be 
decrypted and rendered without ever leaving clear content {as in the clear content 2 16 of 
Figure 2) available to be intercepted. This is accomplished by including decryption and 
rendering elements within the document 310, as will be described below with reference to 
Figure 5> The included decryption and rendering elements are adapted to limit the user's 
interaction with the SPD, prohibiting certain operations (such as saving the document or 
perforating cut-and-paste operations) according to the user's permissions. 

Figure 4 is a more sophisticated version. The scheme of Figure 4 includes an 
intermediate "polarisation" step adapted to secure the document after it has been 
decrypted but before it is rendered. First, the encrypted document contents 410 are 
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passed to a polarizer 412. The polarizer 4 1 2 receives the user's private key 414 and, via a 
decryption step 416, decrypts the document contents 410. Concurrently, the polarizer 412 
receives a polarization key 418 from the user's system. 

This polarization key 41 8 is used by the polarizer 41 2 to transform the document 
to a version having polarized contents 420, All of these operations can take place in the 
open, without any kind of protective mechanism, provided the polarizer 412 does not 
store a clear version of the document between decrypting it and polarizing it. 

La one embodiment of the inveution, the polarization key 418 represents a 
combination of data elements, taken from the user's system 4 s internal state, such as the 
date and time of day, elapsed time since the last keystroke, the processor's speed and 
serial number, and any other information that can be repeatably derived from the user's 
system. It is useful to include some time -derived infoimation in the polarization key 418 
so that interception and seizure of polarized contents 420 would not be useful. Fuither 
rendering of the polarized document would not be possible, as the system time would 
have changed too much. 

Then, once again within a protecting shell 422, the polarized contents 420 are 
passed to a rendering application 424. As discussed above, typical rendering applications 
are third-party applications such as Microsoft Word or Adobe Acrobat Reader. However, 
it is likely that such external rendering applications will not be able to process the 
polarized contents 420* as the contents, any formatting codes, and other cues used by the 
renderer will have been scrambled in the polarization process. 

Hence, the rendering application 424 must be commutative (or at least fault 
tolerant), or it must receive polarized contents 420 that are largely complete and 
piocessable by the application. The latter possibility will be discussed below, in 
connection with Figure 9, 

The output of the rendering application is polarized presentation data 426, which 
has been formatted by the rendering applicadon 424 but is still polarized, and hence not 
readable by the user. The polarized presentation data 426 is passed to a depolarizer 428, 
which receives the polarization key 418 and restores the original form of the document as 
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presentation data 430. In one embodiment of the invention, the depolarization function is 
combined with the rendering or display function. In this case, the polarized presentation 
data 426 is received directly by a display device, which can be separate from the user's 
system and receive data over a communications channel. 

Creation of the polarization key 418, the rendering application 418, and the 
depolarization step 428 are all elements of the protecting shell 422; these are tamper- 
resistant program elements. It is contemplated that all computational (or transformation) 
steps that occur within the protecting shell 422 will use local data only, and will not store 
temporary data to any globally accessible storage medium or mei uory area; only the 
explicit results will be exported from the protecting shell 422. This approach will prevent 
users from easily modifying operating system entry points or scavenging system resources 
so as to intercept and utilize intermediate data- 
It should be noted that the presentation data 430 of Figure 4, in alternative 
embodiments of the invention, can be either device independent or device dependent. In 
the device -independent case, additional processing by a device driver {such as a display 
driver or a printer driver) typically is necessary to complete the rendering process. In the 
presently preferred device-dependent case, the device-specific modifications to the 
presentation data have already been made (either in the rendering application 424 or the 
depolarizing step 428), and the presentation data 430 can be sent directly to the desired 
output device. 

The decryption schemes described with reference to Figures 3 and 4 above are 
enabled by a unique document structure, which is shown in detail in Figure 5. As 
discussed above, certain operations performed by the system and method of the invention 
require trusted components. One way to ensure that certain unmodified code is being 
used to perform the trusted aspects of the invention is to provide the code along with the 
documents. The various components of a self- protecting document according to the 
invention are illustrated in Figure 5. 

The problem of document protection is approached by the invention without any 
assumptions on the presence of trusted hardware units or software modules in the user's 
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system. This is accomplished by enhancing a document to be an active meta document 
object. Content owners (i.e., authors or publishers) attach rights to a document that 
specify the types of uses* the necessary authorizations and the associated fees, and a 
software module that enforces the permissions granted to the user. This combination of 
the document, the associated rights, and the attached software modules that enforce the 
rights is the self -protecting document ("SPD") of the invention. A self-protecting 
document prevents the unauthorised and uncontrolled use and distribution of the 
document, thereby protecting the rights of the content owners. 

The self-protecting document 5 10 includes three major functional segments: an 
executable code segment 512 contains certain portions of executable code necessary to 
enable the user to use the eacrypted document; a rights and permissions segment 514 
contains data structures representative of the various levels of access that are to be 
permitted to various users; and a content segment 516 includes the encrypted content 1 16 
(Figure 1) sought to be viewed by the user. 

In a preferred embodiment of the invention, the content segment 516 of the SPD 
510 includes three subsections: document meta-mformation 518 (including but not 
limited to the document's title, format, and revision date), rights label information 520 
(such as a copyright notice attached to the text, as well as rights and permissions 
mformation), and the protected content 520 (the encrypted document itself). 

In one embodiment of the invention, the rights and permissions segment 514 
includes information on each authorized user's specific rights. A list of terms and 
conditions may be attached to each usage right. For example, user John Doe may he 
given the right to view a particular document and to print it twice, at a cost of $ 10. In this 
case, the rights and permissions segment 5 14 identifies John Doe, associates two rights 
with him (a viewing right and a printing right), and specifies terms and conditions 
including the price ($10) and a limitation on printing (twice). The rights and rxirmissions 
segment 514 may also include information on other users. 

In an alternative embcKiiment, the rights and permissions segment 5 14 includes 
only a link to external information specifying rights information. Jji such a case, the 
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actual rights and permissions arc stored elsewhere, for example on a networked 
permission server, which must be queried each time the document is to be used. This 
approach provides the advantage that rights and permissions may be updated dynamically 
by the content owners. For example, the price for a view may be increased, or a user's 
rights may be terminated if unauthorized, use has been detected. 

In either scenario, the rights and permissions segment 514 is cryptographically 
signed (by methods known in the art) to prevent tampering with the specified rights and 
permissions; it may also be encrypted to prevent the user from directly viewing the rights 
and permissions of himself and others. 

The executable code segment 512, also called the "SPD Control," also contains 
several subsections, each of which comprises a software module at least partially within 
the executable code segment. In one embodiment of the invention, the Java prograoiming 
language is used for the SPD Control; however, it is contemplated that any platform- 
independent or platform-specific language, either interpreted or compiled, can be used in 
an implementation of this invention. 

A rights enforcer 524 is present to verify the user's identity, to compare a 
requested action by the user to those actions enumeiated in the rights and permissions 
segment 514, and to permit or deny the requested action depending on the specified 
rights. The operation of the rights enforcer 524 will be discussed in further detail below r 
in connection with Figure 7. 

A secured polarization engine 526 is also present within the executable code 
segment 512; it serves to read and polarize the data according to the system state (or other 
polarization key) as discussed above. In a preferred emoxxUment of the invention, the 
polarization engine 526 acts upon the document before it is stored or decrypted, so the 
document is never stored in the clear on the user's system. The polarization engine 526 is 
secured, that is, it is cryptographic ally signed and encrypted, to prevent tampering, 
ieverse^ngineering, and disassembling. 

A counterpart depolarization engine 528 is also included to enable the generation 
of clear presentation data from the polarized content (see Figure 4). The depolarization 



(52) 12 002-77137 ( P 2 0 0 2-7 7 1 3 7 A) 



engine includes a set of secure window objects, providing a relatively tamper-proof 
interface to the rendering API (application program interface) of the user's system. The 
secure window objects are resistant to being intercepted, thereby reducing the possibility 
that the document, in its clear foim, can be reconstructed by intercepting and receiving 
the data intended tor the operating system. 

A counterpart depolarization engine 528 is also included to enable the generation 
of clear presentation data from the polarized content (see Figure 4). The depolarization 
engine 528 provides a relatively tamper-proof interface to the logical or physical output 
device (e.g., the user's display device). The input to the depolarization engine 528 is 
polarized presentation data. Therefore, if that data is intercepted, it will not reveal any of 
the clear content without further depolarization which depends on, for example, the user's 
system state, 

A secure viewer 530 is optionally included in the executable code segment 512. 
The secure viewer 530 is used to permit only those levels of access that are permitted 
according to the rights and permissions segment 514* For example, if the user purchased 
only sufficient rights to view a. document (and not to save or print it), the viewer will not 
permit the user to save* print, or perform the standard cut-and-paste operations possible in 
most modem operating systems. 

Finally, a rendering engine 532 is included or referenced within the executable 
code segment 512- The rendering engine 532 need not be secure. Accordingly, the code 
for the rendering engine 532 can be included within the SPD applet, or alternatively 
retrieved (via a secure lint) from some other location. In either case, the rendering engine 
532 is adapted to receive polarized document contents and produced polarized 
presentation data therefrom (see Figure 4). 

The foregoing aspects and elements of the self-protecting document 510iwill be 
discussed in further detail below, in conjunction with the operation of the system. 

Figure 6 shows the steps performed when a self-protecting document 510 is 
created and distributed. A generic SPD 610 includes no user-specific rights information 
and is cot encrypted for any particular user. The generic SPD 610 is created from three 
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items: the original document content 612, in clear (unencrypted) form; a high-level rights 
specification 614; and an optional waterrnajik 616. 

The content 612 is pre-processed (step 618) to lay out the document as desired by 
the author or publisher. For example, a preferred page size, font, and page layout may be 
selected. The content 612 is essentially "pre -rendered" in the content pre-processing step 
so that it will be in a format that is compatible with users' systems and the SPD. For 
example, the content 612 may be converted from Microsoft Word C'.DOC") or Adobe 
Acrobat (*' .PDF') format to a different format specially adapted to be read by the 
rendering engine 532 (Figure 5). Tn one embodiment of the invention, multiple versions 
of the content 612 are generated by the content pre-processing step and stored in the 
generic SPD 610; those different versions may then be separately purchased by the user 
according to his needs. 

The high-level rights specification 614 sets forth what combinations of access 
rights are permissible. Such a rights specification is tailored lo a particular document, 
and is capable of describing different groups of rights for different classes of downstream 
users. For example, a publisher may be given the right to distribute up to 100,000 copies 
of a document at a $1 .00 per copy royalty, with additional copies yielding a $2.00 royalty. 
Similarly, users may be given the option to purchase a version of the document that 
"times out" after one month, one year, or never. Several possible limitations are 
described with reference to a detailed example, which is svt forth below. 

Digital Property Rights Language (DPRL) is a language that can be used to 
specify rights for digital works. It provides a mechanism in which different terms and 
conditions can be specified and enforced for rights. Rights specifications are represented 
as statements in DPRL. For details, see, for example, U.S. Patent No. 5,715,403 to 
Stefifc, entitled "System for Controlling the Distribution and Use of Digital Works 
Having Attached Usage Rights Where the Usage Rights are Defined by a Usage Rights 
Grammar." Enforcement of rights and verification of conditions associated with rights is 
performed using the SPD technology. 
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Different rights can be specified for different parts of a digital work using a 
"work" specification. Within a work specification, different sets of rights applicable to 
this work are specified. Rights can be grouped into named-groups called "rights groups". 
Bach right within a rights group is associated with a set of conditions. Conditions can be 
of different types: fee to be paid, time of use, type of access, type of watermark, type of 
device on which the operation can be performed, and so on. DPRL allows different 
categories of rights: transfer, render rights, derivative work rights, file management rights 
and configuration rights. Transport rights govern the movement of a work from one 
repository to another. Render rights govern the plating and display of a work, or more 
generally, the transmission of a work through a transducer to an external medium (this 
includes the "export" right, which can be used to make copies in the clear}. Derivative 
work righls govern the reuse of a work in creating new works. File management rights 
govern making and restoring backup copies. Finally, configuration rights refer to the 
installation of software in repositories. 
An exemplary work specification in DPRL is set forth below: 

(Work: 

(Rights-Language Version: 1 ,02) 

(Woik-ID: "ISDN-1-55860-166-X; AAP-234S957tut 11 ) 

(Description: 'Title: 'Zuke-Zack, the Moby Dog Story' 

Author: "John Beagle* 

Copyright 1994 Jones Publishing' 1 ) 
(Owner: (Certificate: 

(Authority: "Library of Congress") 
(ID: "Murphy Publishers"))) 
(Parts: "Photo-Celebshots-Dogs-23487gfj" "Dog-Breeds-Chait-AKC") 
(Comment: "Rights edited by Pete Jones, June 19%.*') 
(Contents: (From: l)(To: 16636)) 
(Rights-Group: "Regular" 

(Comment: "This set of rights is used for standard retail editions/') 
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(Bundle: 

(Time: (Until: 1998/01/01 0:01)) 

(Fee: (To: "Jones-PBLSH-1 85467 89")(House: "Visa"))) 

(Play: 

(Tee: (Metered: (Race: 1.00 USD) (Per: 1:0:0) (By: 0:0:1)))) 

(Print: 

(Tee: (Pei Use: 10.00 USD)) 
(Printer: 

(Certificate: 

(Authority: "DPT" 

(Type: 4 TrustedPriiiter-6"))) 

(Watermark: 

(Watennark-Stn "Title: 'Zeke Zack = the Moby Dog* Copyright 
1994 by Zeke Jones. All Rights Reserved.") 
(Watermark-Tokens: user-id institution-location render-name 
render-time)))) 

(Transfer ) 

(Copy: (Fee: (Per-Use: 10.00 USD))) 
(Copy: (Access: 

(User: (Certificate: 

(Authority: "Murphy Publishers 77 ) 

(Type: "Distributor"))))) 

(Delete:) 
(Backup:) 

(Restore: (Fee: (Per-Use: 5.00 USD))))) 

This work specification has a rights group called "Regular^' which specifies rights 
for standard retail editions of a book titled '"Zuke-Zack, the Moby Dog Story." The work 
specification expresses conditions for several rights: play, print, transfer, copy t delete, 
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backup, and restore. The work in the example includes two other parts, a photograph and 
a chart of breeds incorporated from other sources. A "bundle" specification bundles a set 
of common conditions that apply to all rights in the group. This specification states that 
all lights in the group are valid until January 1, 1998 and that the fee should be paid to 
account "Jones-PBLSH-18546789" The clearing-house for this transaction should be 
Visa. The following contract applies: the work can be played by paying $1.00 every hour, 
where fee is accumulated by the second; the work can be printed on TrustedPrinter-6 
which is certified by "DPT" for a fee of $10.00 per print; the printed copy should Lave a 
watermark suing (as depicted) and a b'st of tokens signifying "fingerprint" information 
known at the time it is piintcd; this work can be copied either by paying $10.00 or by 
acquiring a distributor certificate from Murphy pubhshing; and unrestricted transfer, 
deletion or backing up of this work is permitted (restOLation costs $5.00). 

The high-level rights specification 614 is also subject to a pre-processing step 
(step 620), in which the high-level (i.e„ human-readable) specification is compiled into a 
more-efficient data stiucture representation for use by the invention. 

The generic SHD 610 is theu created (step 622) by combin ing the pre-processed 
content 61 2, the pre-processed rights specification 614, and the watermark 616, A 
watermark may be added by any means known in the art; it may be either visible or 
concealed within the SPD. The generic SPD 610 may also optionally be encrypted by the 
author/publisher 1 10 for transmission to the distributor 114 (Figure 1). 

The generic SPD 610 is then received by the distributor 1 14, and is stored for later 
customization. When a user request 624 is received by the distributor 1 14 (either directly 
oi through the clearmghouse 122 or other intermediary), the distributor 114 creates a set 
of user permissions (step 626) that is consistent with both the user request 624 and the 
rights specification 614. If there is no such consistent set of permissions^ then no ftirther 
action is performed on that user's behalf (other than an optional notification message to 
the user). 

The user permissions and the user's public key 628 are then used to generate {step 
630) a customized SPD 632 adapted to be used by the user. The user permissions from 
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step 626 are stored in the rights and permissions segment 514 of the SPD 632, and the 
user's public key 628 is used to encrypt the content in the content segment 516 of the 
SPD 632. A public-key encryption mechanism can be used to transform the SPD from 
the generic form to the customized SPD 632. Such a mechanism is useful if the SPD has 
to be confidentially transferred between different parties, e.g., author to publisher to 
retailer to consumer, with rights protection at each stage. It should further be noted that 
multiple user requests can be composed and accommodated within a single SPD 632; 
there are techniques known in the art that are capable of using multiple public keys to 
encrypt a document such that any of the users* private keys can be used to decrypt it. 

The resulting custom SPD 632 is then transmitted to the user 1 18 by any available 
means, such as via a computer network or stored on a physical medium (such as a 
magnetic or optical disk). 

The operations performed when a user receives an SPD are depicted in the flow 
diagram of Figure 1, The SPD is first received and stored at the user* s system (step 710); 
in many cases, it is not necessaxy to use the SPD right away. When usage is desired, the 
user is first authenticated (step 712), typically with a user name and a password or key. 
The system then determines what action is desired by the user (step 714). When an action 
is chosen, the rights-enforcement step of the invention (step 716) verities the conditions 
associated with the desired action (such as the fee, time, level of access, watermark, or 
other conditions); this can be performed locally via the SPD applet 5 12 (Figure 5) or by 
accessing a rights enforcement server. 

If the rights enforcement step (step 716) fails, an update procedure (step 718) is 
undertaken. The user may choose to update his permissions, for example by authorising 
additional fees. After the satisfactory verification of conditions, a pre-audit procedure 
(step 718) is performed, in which the SPD system logs verification status to a tracking 
service (e.5., the audit server 130 01 Figure 1). The content is then securely rendered to 
the screen (step 722) as discussed above. When the user is finished, a post-audit 
procedure (step 724) is performed in which the amount of usage is updated with the 
tracking service. The SPD system then awaits further action. 
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The protection yielded by the SPD is derived from the user's inability to capture a 
useful form of the document at any intermediate stage during the rendering process. This 
is accomplished by decrypting the document contents to a clear foira at the latest possible 
stage, ideally in the last step. 

The SPD decryption model is illustrated in Figure 8. E denotes the encryption 
function performed by the publisher; D denotes the decryption performed at the user's 
system, sod R denotes the rendering transformation. Many prior systems use a First 
sequence of transformations 810, D(E(x)) followed by R(D(E(x))). As stated previously, 
the early decryption leaves the document in a vulnerable state. Ideally, the 
transformations are performed in the reverse order 812, R'(E(x)) followed by D(R'(E(x))). 
This postpones decryption to the latest possible time. 

The existence of R\ a rendering operation that can be performed before 
decryption, is determined by the following equality: 

D(R'{E(x)))-R(D(E(x))) 
In case that the encryption and decryption functions are commutative, that is, E(D(x)) = 
D(E(x)) for any x, the existence of R' is ensured: 

R' (y) = E(R(D(y))) for y = E(x) 
In practice, encryption and decryption functions in popular public- key cryptographic 
systems such as the RSA system and ElGamal discrete logarithm system satisfy the 
commutation requirement This means that the transformation R' exists if these 
cryptographic systems are used for encryption and decryption. 

The path x' = D(R'{E(x))) portrays an ideal SPD solution to the document 
protection against unauthorized document usage and distribution. A scenario of 
distributing and using a document can be described as follows. When a user purchases 
the document* the document is encrypted using a user's public information and is 
transmitted over an insecure network channel such as the Internet. The encrypted 
document has the rights information attached to it and a protecting applet 512 that 
enforces the rights and permissions granted to the user by the content owner. Upon a 
user's request on using the document, the applet verifies the rights and permissions and 
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generates from the encrypted document the presentation format of the original document. 
As any intermediate form of the document before the final presentation data is encrypted 
with the user's private information, the SPD model of document protection ensures that 
any intermediate form of the document is not useful to other systems wherever it is 
intercepted. 

Clearly, this ideal model relies on whether or not the transformation R* that 
corresponds to the rendering transformation R can be computed efficiently, and in 
particular on whether or not an invocation of the decryption function D is necessary 
during an implementation of R'. A trivial case in which R' can be implemented 
eiTiciently is where R is commutative with the encryption function E. When this 
happens, 

R'(y) -ECR(D(y)» = R(E(D(y})) -= R(y) 
for y = E(x)> In this case, R' - R. 

Consideration of Figure 8 reveals that many intermediate solutions (e.g., 
intermediate solutions 814, 816, and 818) to the document protection problem may exist 
on the user's system between the two extremes x' = R{D(H(x))), which has no protection 
en x -= D(E(x)), and x' - D(R'(E(x))) t which lias ideal protection (under the assumptions 
set forth above). As depicted in Figure 8, one? may consider different paths from the 
encrypted document E(x) to the presentation data x' that correspond to different 
combinations of partial rendering transformaTions and partial decryption rransformatioiis. 
Again, it should be recognized that delaying the decryption D in any path increases the 
protection level to the document 

As discussed above, one alternative method of delaying decryption to the last 
possible moment employs a polarization technique that encrypts only the document 
contents, not the format or the entire document as a whole. This possibility is shown in 
Figure 9. Beginning with the clear document content 910 (which, it should be noted, 
does not exist in any single identifiable location during the user's processing, but is rather 
a transient state eweurring within step 412 of Figure 4), the document is split (step 912) 
into a data portion 914 and a format portion 916. The data portion 914 is polarized (step 
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918) using the polarization key 920 and merged (step 922) with the clear format portion 
916. This results in polarized content 924 that can be rendered to polarized presentation 
data without first decrypting the content. It should be observed that this form of 
polarization is likely less secure than wholes;ue encryption with the polarization key, 
since a lot of information can potentially be derived from the layout of a document, word 
lengths, line lengths, etc.; howevei, this scheme will present a useful deteireat to casual 
copyright infringement 

A method of protecting a digital work during replay which employs a blind 
transformation function is shown with reference to Figure 1 0. In Figure 10, an encrypted 
digital work 1010 is provided to replay application 1012. Digital work 1010 has beeo 
encrypted with a format preserving encryption scheme which enables replay application 
1012 to generate encrypted presentation data 1016, Encrypted presentation data 1016 is 
then sent to decryption engine 1018 where it is decrypted into clear presentation data 
1020, Presentation data is now in the clear, but less likely to be regenerated into the 
original digital form. If presentation data 1020 can be viewed or used directly by the user, 
then no further processing is required. However, sometimes an additional rendering is 
required by a display system such as a printer. In such a case, presentation data 1 020 is 
provided to the display system's rendering application (in the case of a printer this could 
be a decomposer) 1022 which generated image data 1024. Image data 1024 is then 
provided to display device 1026. 

In a general context, the problem of blind transformation can be stated as follows. 
Suppose a client Cathy wants a server Steve to compute for her a function value F(a,x) 
with his (public or private) data a and her private data x, and Cathy wishes, for privacy 
concerns, that the transfoimation is done without Steve knowing her private data x and 
the function value F(a,x). From Steve's point of view, this means that he computes F(a,x) 
for Cathy but with his eyes blindfolded. What this means is that Cathy would like the 
server Steve to perform the transformation only with data E k (x) encrypted using Cathy* s 
key k, and return to her the function value Efci(F(a,x)) again encrypted using her key k. If 
Steve can perform the transformation using encrypted data, then Cathy has avoided 
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disclosing tiie data x in the clear and the result F(a,x) in the clear. The ideal model of 
blind transformation with partially encrypted data is shown below: 

(flpjr)— M^^W) 

Fl if" 

The function F* that makes the diagram commute is what Steve really computes, and the 
transformation result F(aJE k (x)) - EtCFfa.x)) is ready for deoyption to reveal the desired 
function value Ffox). As Steve does not "see*' the clear data x as well as the function 
value F(a^ k), he carries out a "blind" transformation for Cathy. 

A protocol for blind transformation can be described as follows for trie blind 
evaluation of the function F(a,x): 

(i) Cathy encrypts x using her encryption key k, resulting E t (x). 

(ii) Cathy sends E k (x) to Steve. 

(iii) Steve evaluates the modified version F* of the function F at the clear data a 
and encrypted data Et(x). 

(iv) Steve returns the result F(a,Ek(x)) back to Cathy. 

(v) Cathy decrypts F(a 7 E k (x)) using her decryption key k~ ! and obtains F(a,x). 
The ideal model of blind transformation introduced here can be regarded as a 

generalization of blind signatures and instance hiding. Blind transformation now allows 
partially encrypted data as input and, more importantly, it permits the function K that the 
server computes to be possibly different from the intended function F. By computing F 7 
instead of F, the server, though still blindfolded, is aware of the input being partially 
encrypted and hence is cooperative with the client. The blind transformation and secure 
mobile computing share a common goal in keeping the function value that the server 
computes private to the client but they differ in that the client supplies the data input and 
the server supplies (a program that evaluates) the function in blind transformation, while 
It is tbe other way around in secure mobile computing. Note that blind transformation 
allows some portion of the data (e.g., a) to be in clear. This enables use of some dynamic 
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yet clear data in the rendering process, such as display window size, reference positions 
for shifting content, scaling factor and coefficients in a rotation operation. 

Blind transformation works only if there exist functions F and F* to compute the 
encrypted data. It can be shown that multivariate, integer coefficient affine functions 
using additive encryption schemes permit many document rendering functions of the 
affine type on the x- and y coordinates to be evaluated in blind txansfoimation. For a 
given encryption scheme S, a function F : X -» X is said to be S-blindly computable if 
there exists some function F* : X — > X such tbat the computational complexity for 
evaluating F* is a polynomial of the one for evaluating F, and 

for any k s K and xeX. A function F; X -* X is said to be blindly computable if there 
exists an encryption scheme S with X being a subset of its message space such that F is S- 
blindly computable. 

Any multivariate, integer-coefficient affine function is S-blindly computable for 

k 

any additive encryption scheme. Specifically, let F*o;at, . . .ak( x i> • ■ - » x t) = x 0 + X 06 

a multivariate affine function with a constant Xo e X, integer coefficients a, and variables 
Xi, . . . Xt in X. Then, for any key k € K, theie exists a computationally efficient function 

(v 1 v-,yj = y 0 ee^y 1 - such that 

Indeed, the constant yo and integer coefficients in F\ Mt _j^ can be taken to be y 0 = 
E k (xo), U = a it i= 1, . . . , k. The blind transformation of multivariate, integer coefficient 
affine functions using additive encryption schemes allows many document rendering 
functions of the affine type on the x-and y^cordinates to be evaluated in the blind 
manner, providing a theoretical foundation for the format-preserving encryption and 
busted rendering of documents described herein. 
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A document is usually a message that conforms to a certain format. For document 
encryption, in addition to simply encrypting the entire document, there are many different 
ways to encrypt only some parts of the document. The goal here is that the information 
leakage about the unencrypted portion cannot be used, or if it does leak, it is 
computationally difficult to reconstruct the clear, original document. 

If an encryption scheme which preserves formatting information of the digital 
work, then any transformation function (repleiy application or rendering application) may 
be used. An example of a format preserving encryption method is described for 
convenience with reference to token-based documents. The method for fonnat- 
p reserving encryption can be easily extended or applied to documents in other formats 
(such as HTML/XML, Microsoft WORD, Acrobat PDF, etc.). In a token-based format 
such as the Xerox DigiPaper, each page image of a document is represented as a 
"dictionary" of token images (such as characters and giaphies elements) and location 
information (indicating where those token images appear in the page). Thus, multiple 
occurrences of the same token in tiie document can be represented using just a single 
image of that token in the dictionary. 

The process of rendering a document in such a format is then accomplished by 
consecutively reading in token locations, retrieving images of the tokens from the 
dictionary and drawing the images at the specified locations. The benefits of token-based 
documents are compact ille size and fast rendering speed for use in distributing, viewing 
and printing of electronic documents. In the DigiPaper format, tokens are stored as 
binary images using the CCITT Group 4 compression format, or as color images using 
JPEG compression, and the position information of the tokens is further compressed 
using Huffman coding. 

For convenience, a token-based document D of P pages is formally modeled as a 
table (dictionary) of tokens T of size ITl, togeither with a sequence of P tables of locations 
of size CUI(1 <i< P). representing the P page images. Each entry TJj], 1 < j < ITI, is a 
pair (idGTtlj]) of an identifier id[j] and an ima^e of the j-th token. Each entry I^fkJ, 1 
< k < DUJ, in the i-th image location table 1^ is a binle (id{k],x[k],y[k]) representing the k- 
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th token occurrence in the i-th page image, where id[k] is the token identifier, and x[k] p 
y[k] are its x and y-coordinate differences from the previous (k -l>th token occurrence 
in the page. For example, take the simple document shown in Figure 1 L The token 
dictionary and location table (using x, y coordinates) for this document are shown in 
Figures 12 and 13 respectively. 

The schematic pseudo-code Render(D) below shows how page images of a 
document D are rendered. In the code, x 0 , yo are the base references for the x- and y- 
coordinates for each page, Lookup(T,id[k]) is a subroutine that, upon the input of the 
dictionary T and a token identifier id[k], returns a token image t in T corresponding to the 
given identifier, and Drawfoy.t) is a subroutine that draws the token image t at the 
location (x,y). 

Render(D) 
{ 

Load T into memory 
for i = 1 to P do 
{ 

Load Li iiito memory 
x =xo 

y = yo 

for k - 1 to BJ do 

{ 

x = x + x[k] 

y=y + yM 

t = LookupCT^dM) 
Draw(x,y,t) 

} 

} 
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In addition to the shifting transformation x r = x + a, / = y + b as used in the 
schematic rendering process described above, there are several other coordinate 
transformations that may occur during the document rendering. 

Scaling. The scaling transformation is; of the form x' = ax, / = by, where a and b 
are scaling factors for the x^coordinate and yn^oordinate, respectively. Scaling may be 
caused by resizing the display window or print paper 



b, c, d, which form ^ 2-by-2 rotation matrix. This transformation is needed when the 
page image is rotated. 

Affine Transformation . An affine traitsformation is one of the form x = ax + by + 
c; y = cx + dy + f for some constants a, b, c, d, e, f. In the vector form, it is: 



cases of affine transformations. It is those affine type transformations that make it 



used to carry out blind transformation of functions of the affine type, winch provides a 
foundation for trusted rendering of documents. Blind transformation by a rendering 
transformation R and R' of an encrypted document satisfies the relationship: D(R'(E(x))) 
= R(D(E(x)», where E is an encryption function and D is a decryption function for R If 
E(x) is an additive enciyption scheme, then R' = R. 

An encryption scheme S generally consists of basically five components: (i) a 
message space X which is a collection of possible messages, (ii) a ciphertext space Y 
which is a collection of possible encrypted messages, (iii) a key space K which is a set of 
possible keys T (iv) a computationally efficient encryption function E : K x X — > Y and (v) 
a computationally efficient decryption function D : KxY —» X . For eacu key k <e K, 
there is a unique key k" 1 <= K, such that the enciyption function E k = E{k, ) : X Y and 



Rotation . The rotation transformation is 




for some constants a, 




Clearly, shifting, scaling and rotation transformations are special 



possible to achieve a high-level trusted rendeiing under encryption of coordinate 
information using additive encryption schemes described below. 

A special class of encryption schemes , namely, additive encryption schemes, are 
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decryption function D^, = D(k~\ ) : Y -¥ X satisfy that, for every message x € X, 
D k _ t (E k (*)) = x . The key k is called an encryption key and k* 1 its corresponding 
decryption key. 

Such defined encryption schemes can be varied in several ways to cover a wide 
range of concrete encryption schemes used in practice. One variation is to consider 
whether or not keys used for encryption and decryption are different. In the case where 
all encryption keys k are same as their corresponding decryption keys k~\ the scheme is a 
symmetric (or private-key) one; otherwise, the scheme is asymmetric. In the case where, 
for all possible k, k" 1 is different from k and computationally difficult to derive from k, 
the scheme is a public-key encryption scheme. 

Another variation is to differentiate deterministic and probabilistic encryption 
schemes. In a deterministic scheme, all the encryption and decryption functions E k and 
D k _[ are detenninistic functions, while in a probabilistic scheme the encryption function 
Ek can be non-deterministic, namely* applying the function to a message twice may result 
in two different encrypted messages. 

An additive encryption scheme is an encryption scheme whose message space X 
and ciphertext space Y possess some additive structures and encryption function 
E k = E{k, ) : X — > Y is homomorphic with respect to the additive structures. 
Specifically, let X = (X, 4-, 0) and Y - (Y,© 3 0) be two commutative semigroups with 
(possibly different) zero elements 0 satisfying, for example, for all x, x + 0 = x and 0 -h x 
-= x, and efficient operations + and 0. An encryption scheme is said to be additive if* for 
any k e K and any x, x' e X, E k {x + x') = Et(:ic) © E t (x'), and the operation e does not 
reveal the clear messages x and x'. The last c ondition on @ makes additive encryption 
schemes non-trivial. Without this condition, 1lie operation ffl on Y can be trivially 
defined y B / = Ek(Dk-i{y) + D^C/)); that is, it is accomplished by first decrypting the 
arguments, then adding them together and fuxilly re-encrypting the result. 

Closely related to additive encryption schemes are multiplicative ones. An 
encryption scheme is said to be multiplicative if its spaces X and Y have the ring 
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structures (i.e., in addition to their additive structures, they have respective 
multiplications x and ® that are distributive over their additions + and ©, and 
multiplicative idealities), the encryption function Et is homomorphic with respect to the 
multiplications, E k (x xx> E k (x) ® E k (x'); and the operation ® does not reveal the clear 
messages x and x\ 

la general, additive (as well as multiplicative) encryption schemes are not non- 
malleable, since a non-malleable scheme requires that, given an encrypted message it is 
(at least computationally) impossible to generate a different encrypted message so that the 
respective clear messages are related. Accordingly, they have a weakness against active 
attacks where the adversary attempts to delete, add or alter in some other way the 
encrypted messages. However, when these schemes are used to euciypt documents, extra 
measures in data integrity and message authentication can be taken to reduce risks caused 
by these active attacks on document integrity as well as confidentiality. Moreover, end 
users are less motivated to initiate active attacks, as the attacks will affect document 
contents that the users are going to use and consume. 

Not all encryption schemes can be defined as additive ones Ln an easy and natural 
manner. In fact, some encryption schemes an; designed witii a requirement of being non- 
additive or at least being able to convert into non-additive. Nevertheless, there are many 
examples of additive encryption schemes that can be used in The method of format- 
preserving encryption and ousted document rendering. Mult, Exp and EG (three 
deterministic schemes), OU (probabilistic) and RSA are examples of additive encryption 
schemes (with varying degrees of vulnerability to attack) may be used in the format 
preserving method 

Multiplicative Cipher (Mult) is a symmetric encryption scheme, where X — Y = 
Za -ts {0, 1, . . . i.i-l } for some integer n > 0. The encryption of a message x using a key a 
is 

y = E a (x) - ax(mod n) 
and the decryption of a message y using a key a is 
x = D a (y) = a 'yOnod n)> 



(68) 32 002-77137 ( P 2 0 0 2-7 7 1 3 7 A) 



where a" is the multiplicative inverse of a mcdulo n. 

Exponential Cipher (Exp) is a symmetric cipher, where X = and the 
ciphertext space Y -= Zp for some prime p, and K is the set of all generators of tte 
multiplicative group Z* p . For any generator g e K, the encryption function is defined as 
the. exponential function 

E g (x) = g x (mod p), 
while the decryption function is defined as the logarithm function 

D*(y) = U>&y (mod(p- 1)). 

Semi-probabilistic ElGamal Cipher (EG) extends the exponential cipher to the 
ElGamal cipher, which leads the ElGamal cipher to run in a, semi-probabilistic mode. For 
each message xt= 2^ where Zp = { 1, . . . p-1 ] for some prime p, g is a generator in the 
multiplicative group Z* ?p the private decryption key for a user is a random number a e 
Z*p_i t the public encryption key a -= g*(mod p) g Zp, the encryption EJX r) depends on a 
umfomily chosen random number r e 

EJjzj:) = (g r (mod p), xa r (mod p)) - (s,t). 
For an encrypted message (s, t), the decryption function is defined as 

D^O-KsT^rnodp). 

The ElGamal cipher hi its original form as described above is hardly additive. 
However, the operator © can be partially defi aed on the ciphertext of those x*s that share 
a same random number r T as follows: 

E„(x, r) 8 E,(x' f r) = (s, t) S (s, f) = fa t + O = E B (x + x'(mod p), r). 
fhis paitially defined operation is appticable when a batch of messages arc encrypted 
using a same random number r. 

Okamoto-Uchiyama Cipher (OU), Qkamoto and Uchiyama proposed an additive, 
public-key encryption scheme in T. Okamoto and S. Uchiyama "A New Public -Key 
Cryptosystem as Secure as Factoring", Eurocrypt f 98 t Lecture Notes in Computer Science 
1403, 308-318, 1998, which is probabilistic ajad provably as secure as the intractability of 
factoring n = p 2 q against passive adversaries. Chouse two large primes p, q of k bits for 
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some k > O.and let n = p 2 q. Choose g e Z*„ at random such that the order of g p = g?~ 
'(mod p^ ) is p. Let h = g n (mod n). The message space X of the OU scheme is the set 
Zf p {not the set { 1, . . } as claimed by Okamoto and Uchiyama) and the ciphertext 
space Y is Z„. For a user, a public key is a tuple (n t g, h, k) and its corresponding private 
key is the pair (p, q) of the primes. To encrypt a message x e X, a random number r e Z, t 
is chosen uniformly. Then the encrypted message is 

y = E^.g.h^x.r) = g x h r (mod n). 
To decrypt the encrypted message y, a "logarithmic" function L : T — > I~\ 

UxJ-Cx-Dp 1 (modp 5 ) 
is used, where T is the p -Sylow subgroup of Z* P 2 > i.e., F = { x e Z* P 2 I x = l(mod p) } . 
With the function L, the decryption function is 

x = D p „(y) = Uy^ 1 (mod p^gp^modp 2 ). 

New additive encryption schemes can be constructed from existing ones via the 
composition construction of encryption schemes. Hie composition construction can also 
be used to construct additive encryption schemes from non-additive ones* For instance, 
the composition of the exponential cipher Exp and any multiplicative encryption scheme 
S (such as RSA) results in an additive one. 

Additive encryption schemes enable blind transformation with partially encrypted 
data, which serves a foundation for trusted rendering of documents, as discussed above. 
In particular, additive encryption schemes can be used to perform blind transformation of 
affine functions with clear coefficients and encrypted variables. 

Returning to the example of a token-based document, since a token-based 
document D consists of a dictionary T of token images and a sequence of location tables 
Li (one for each page image), the idea is to encrypt the content of the dictionary T and 
location tables Lj, resulting in a dictionary T* of encrypted token images and tables L'i of 
encrypted locations. Recall that the dictionary T consists of a collection of pairs {id[j], 
t|j])t j = 1, - - - ITL Associated with T is a subroutine Lookup in the rendering process 
that, given a valid token identifier id, returns its corresponding token image t in T. In 
encrypting the dictionary T, there are three basic choices: encrypting token identifiers, 
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token images, or both. Encrypting either identifieLS or token images helps unlink the 
connection between the identifiers and their token images. In addition, encrypting token 
images protects proprietary token images. In any case, it is desirable to allow valid access 
to the dictionary only within the rendering process P, while making it computationally 
difficult to obtain a copy of the entire, clear contents of the dictionary. This is possible 
because in many cases the valid identifiers (e.g., Huffman codewords) are only a very 
small subset of all binary strings of up to a certain length, and consequently any 
exhaustive identifier search will not be efficient 

More formally, given the dictionary T and the Lookup subroutine that accesses it* 
tbe requirement on encrypting the dictionary is that the encrypted dictionary T' and the 
corresponding subroutine Lookup' satisfy the following constraints: 

(1) For any encrypted identifier Ek(id), Lookup'CT'jEtfitl)} = Ek(Lookup{T,id)} and 

(2) Given T and Lookup', it is computationally infeasible to reconstruct T. 
For an encryption scheme S, T and Lookup' can be constructed as follows. Let 

ID be the set of all syntactically possible identifiers; in particular, ID*ci ID t where ID* - 
{id I (id,t) e T}. l^et h be a one-way liash function whose domain is ID. Then the 
encrypted token dictionary T' is derived from T as follows: for every (id,t) pair in T, a 
pair (h(id)JEt(t)) is inserted into T. The modified subroutine Lookup' uses the algorithm: 

Lookup'(T4d) 

{ 

id' = h(id) 

f =Lookup(r,idO 

return (t*) 

} 

Notice that the return value of Lookup' is an encrypted token image. The decryption of 
this image will be postponed to into the final subroutine Draw' in the rendering process, 
which is part of the trusted rendering described below. 
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This dictionary encryption is computationally feasible, both in terms of storage 
space overhead and in terms of running-time overhead, to compute with encrypted 
versions of token dictionaries. If the hashing and encryption algorithms used in the 
Lookup' subroutine axe secure enough, then it is computationally Yery difficult to recover 
T given T' and Lookup'. 

Since each entry in a location table L| consists of an identifier, and location 
difference in x- and y-coordinates, any combination of the three elements can be 
encrypted. To encrypt the location Information, an additive encryption scheme is 
recommended to enable applying any rendering transformation of the affine type to the 
location coordinates. For identifiers, a trade-off between document compression and 
document protection must be made. In a tukeu4>ased document, a token identifier is 
usually a codeword of some coding scheme for the compression purpose. For example, 
when the Huffman code is used to compress the document, the identifiers are the binary 
Huffman codewords of the tokens based on their occurrence frequency in the document. 
In this case, simply using a deterministic encryption scheme to encrypt these identifiers 
offers no effective protection on them. This is because the scheme does not change the 
occurrence frequency of each token, and hence anyone can re-count the number of 
occurrences of the encrypted identifiers to re construct the Huffman codewords that are 
the identifiers. Therefore, in order to hide occurrence frequencies of the tokens in the 
document, it is preferred to use a probabilistic encryption scheme to encrypt the 
identifiers. However, this will interfere with the optimal encoding carried in the 
identifiers (codewords) and reduce the document compression ratio. This may be 
undesirable for token-based documents, as achieving a good document compression is 
one of the design goals for token-based documents. 

A reasonable compromise for encrypting Li is suggested. Choose an additive 
encryption scheme S, preferably a probabilistic and asymmetric one like the Okamoto- 
Uchiyama cipher OU if encryption and decryption efficiency is not a big problem. For 
each entry (id,x,y) in Li, insert (idJSt(x)JEk(y)) into L\. If it is also necessary to encrypt 
the identifiers, entries like (Et(id),Et(x)JEfc(y)) may be inserted into the location table LV 
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But in this case, the entries in the encrypted dictionary T need to be changed to 
(E k (id) T E k (t)) , s^ and the subroutine Lookup' above also needs to be modified to reflect the 
change. 

With the format-preserving encryption of a token-based documeat mentioned 
above, the document content can also be protected during the rendering process. The idea 
is to delay decryption into Draw'(jt t y,t). The rendering process is given shown below. 
Render(D) 
{ 

Load T into memory 
for i = 1 to P do 
{ 

Load Li into memory 

x = Eic(xo) 

y™E k (y 0 ) 

for k -= 1 to UJ do 

t 

x - x © x[k] 

y = ySy[k] 

t = Lookup'(T',id[k]) 

Draw'(x,y T t) 

} 

} 

} 

Draw'(x,y,t) 
{ 

x - Dk_i(x) 

y - Dk-Ky) 

Draw(x,y,t) 
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} 

During the process, all the coordinate and token image information remains encrypted 
before calling the subroutine Draw'(x r y,t). Ttiis is possible for the coordinate information 
because the encryption scheme is additive. Consequently, the content protection level 
and rendering process performance of the rendering process rely on the security strength 
and computational complexity of the scheme used. 

In another embodiment of the invention, a digital woik is polarized enabling 
trusted rendering or replay of the digital work without depolarization of the digital 
content or the presentation data. In this embodiment, the digital work is the type which 
includes digital content and resource information (also called a system context). 
Resource mformatiori includes formatting information or other information used by a 
replay or tendering application to convert the digital work into presentation data. 

Polarization is a type of transformation which renders the original content 
unreadable or unusable. For a digital work w, a polarization scheme T\ which uses a seed 
s T generates a polarized digital work w* according to: w' = T(w, s). The same 
transformation T may also be used to generate the polarized resource information S' 
according to S' = T(S, s). In this example, a seed s is used to make reverse engineering of 
the polarisation scheme more difficult 

For example, a document type digital work may be polarized using a simple 
polarization scheme. Li a document, the digital content comprises a series of characters 
in a particular order or location. If the document is to be displayed on a viewing device, 
each character must be able to be displayed at a particular location for viewing by a user 
on the viewing device, such as on a monitor. A coordinate system is required for 
displaying each character on the monitor* so each character in the document can be 
displayed on the monitor. The digital content contains coordinate information which is 
referenced by the monitor's coordinate system. For example, in this paragraph, the letter 
"F* appears at the top line, indented by five spaces. 

A simple polarization scheme for jumbling the text of the above paragraph is to 
translate: the location of the letters with respect to the coordinate system. Eaco letter in 
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the paragraph has an (x,y) location. Suppose the location (x,y) of each letter in the above 
paragraph are polarized using a seed (a,b) from a user's system. The following 
polarization functions may be used to polarize the above paragraph: 

Y = b 7 , for the vertical axis; and 
X - x/a, for the horizontal axis. 

In mis example, the user's device coordinate system must be polarized in order for 
the replay application to transform the digital content into presentation data, i.e., display 
the paragraph on the monitor descrambled. The user's device coordinate system must be 
polarized using the same seed (a, b) to generate a polarized coordinate system. The 
following transformation functions are used to compute both x and y locations of a given 
point: 

Y = Jogb(Y), for the vertical axis; and 
X = aX, for the horizontal axis, 

where log b is the logarithm with base fa- 
llen the replay application obtains the location of a character in the polarized 
digital work, the location is given by (X,Y) = (x/a, b y )- This value is then applied to the 
device coordinate system (X,Y) = {log b (Y), aX) =(x,y). Thus the correct location of "F* is 
displayed on the user's monitor, hi both cases of polarization, the polarized forms of the 
resource infoimation and the digital woik maintain an inherent association. These 
complementary polarized forms of the resource information and the digital work result in 
the basis for a effective mechanism to protect the digital work. While the replay 
application is able to display the polarized digital work, it is only with the polarized 
system context that the icplay application is able to provide clear presentation data- 
While polarization, in general, is not as rigorous a protection as encryption, 
depending on the sensitivity of the digital work to be protected, different levels of 
polarization can be used. A sensitive work may require a high level of polarization; a 
lower valued work may require a weaker type of polarization. If the user's environment 
is trusted, a lower level of polarization may be used. An advantage to using a lower level 
of polarization is that it requires fewer system resources to create the polarized digital 
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work and to render or ieplay the polarized digital work. The type and quality of the 
polarisation seed may also be used in combination with the polarization scheme to 
determine the level and strength of the polarization. For example, a more complex 
polarization seed (such as one containing authorization information from a trusted source 
or a dynamic seed} will provide a higher level of polarisation and strength. 

Polarization typically occurs at the distribution or manufacturing location. Digital 
works are polarized usually prior to distribution to the user or customer using a 
polarization scheme chosen by the manufactuier or distributor. Resource iriformarion to 
be polarised may also be preselected in advance to delivery. Preferably a seed is used for 
each polarization scheme. Also preferably, the seed is generated using information 
provided by the user's system context. 

When a user purchases a digital work, the user preferably provides information 
from the user system in which the user intends to replay the digital work, Tbis 
information may be used to generate the polarization seed for both the polarized digital 
work and the polarized resource information (sometimes called the polarized system 
context). Then the polarized digital work and polarized system context or polarized 
resource information are provided to the user.. Also, typically, but not needed for 
operation of tbis embodiment of the invention, the polarized digital work: and polarized 
system context may be encrypted prior to distribution to the user. Decryption of both the 
polarized digital work and system context may be required prior to replay of the polarized 
digital work into presentation data, depending on the encryption scheme used. 

The process for creating a polarized digital work is divided into three steps. 
These steps are generation of the polarization seed, polarization of the digital work and, 
polarization of the resource information. Once the polarization seed is generated, the 
polarization engine is seeded with it The polarization engine takes as input the digital 
work or the resource information, and generates the polarized form of the digital work or 
the resource information based upon the transformation function seeded with the 
polarization seed. During replay of the polarized digital work, the polari/^d resource 
information is utilized to generate the presentation data and/or image data. The same or 
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different polarization transformation functions can be used foi the digital work and the 
resource information. 

A process for creating a polarized digital work is shown with reference to Figure 
14, A digital work 1410 includes digital concent and a set of resource information used 
for formatting and rendering the digital content into a form usable or viewable by a user. 
The digital work 1410 goes through a process of content polarization 1420 in which the 
digital content is polarized and the resource information is preserved, creating polarized 
digital work 1422. The content polarization 1420 may occur as shown with reference to 
Figure 9. A digital work typicaUy includes content, instructions and formatting. While 
polarisation can occur to the entire digital work, preferably only the content is polarized; 
the instructions and formatting are not polarized. However, in some instances, for some 
replay applications, some of the resource information contained within the digital work 
may also he polarized. This is similar for the format preserving encryption method 
described above. 

Resource extraction 1412 extracts at least one resource information from the set of 
resource information associated with digital work 1410. Extraction consists of copying 
the resource information into a system resource file 1414. System resource 1414 is then 
polarized at resource polarization 1416 to become polarized system resource 1424. The 
polarization scheme for content polarization ;and resource polarization need not be trie 
same. Preferably, each polarization scheme employs a polarization seed 1418 which is 
generated by seed generator 1426- Several exemplary methods for seed generation are 
described below. In particular, in a preferred embodiment, the polarization seed is based 
on unique information from the user's system. 

Several techniques for generation of the polarization seed may be used. For 
example, a seed generator which generates a number from a random number generator 
may be used. This method, referred to as stateless polarization, does not depend on any 
secret key information and user system information. The process for stateless 
polarization yields a specific value for the system for polarization. The inherent 
vulnerability for digital security systems may be found in mishandling secret information, 
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mathematical complexity, and algorithmic complexity. EHminating the secret 
information seals off one target of aitack. With stateless polarization, a random number 
generator produces the polarization seed. In ttiis case, once the polarizatiou process is 
complete the seed is discarded without a trace. Hence, the security of the system is free 
from attack focused on compromising the secret inf oimation, and the user need not 
divulge sensitive information that may be deemed a privacy violation, 

Anotiier seed generator that may be used is a state-based generator. The state- 
based seed generator constructs a seed by first acquiring system state information from 
the user's replay system or rendering device. System state information includes hardware 
identifiers, system settings and other system state-related information. While theie is 
much value in stateless polarization, other security requirements may require use of an 
inseparable link to a particular user system or device. By generating the polarization seed 
from system/device-specific information, the polarizatiou engine will produce a digital 
work that is polarized to a form that corresponds to a specific system/device. 

The polarization seed generator can also be tied to an authorization process. In 
authorization-based polarization, the seed gen eration can be tie in with the outcome of the 
authorization process. A separate authorization repository (which is a trusted source) 
provide authorization information as part of some other security feature associated with 
delivering access to a digital work to a user, r [Tie trusted source of authorization 
information may be an online authorization icpository as described in US Patent No, 
5,629,980, This authorization information is then used to generate a polarization seed. 

If a stateless polarization seed is used, the digital work and its resource 
information may be polarized and stored together for delivery to a user when a user 
purchases the associated rights of use for the particular digital work. If one of the other 
polarization seed generation methods is used, polarization typically must wait until the 
user provides the system state or authorization information before the digital work and 
resource information maybe polarized. 

An embodiment which provides a higher ievel of protection in terms of ensuring 
that the digital work may be replayed only on a specific physical system or device uses a 
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dynamic state based polarization seed. In this embodiment, a polarization engine and 
polarization seed generator must be provided to the replay application or rendering device 
along with the digital work and resource information. In mis embodiment, the digital 
work and resource information are polaiized prior to replay and rendering using a seed 
which is generated based on the dynamic state of the particular system or device. The 
dynamic state may come, fot example, from the system clock, CPU utilization, hard drive 
allocation, cursor coordinates, etc. By polarizing the work using a snapshot of a dynamic 
state, the work is locked to a particular system configuration (i.e., state) in time. 
Polarization of the digital work, and ultimately its blind replay (described below), is 
based upon a dynamically evolving state. The evolution of the dynamic state does not 
yield unique secret information that allows repeatability of the polarization process, and 
hence dynamic-state based polarization makes compromising the polarized digital work 
and system context more difficult. Since the polarization process is carried out within a 
trusted system, it is implied that the process can not be deconstructed. 

The actual process of polarization can be, as described in the example above, an 
algorithmic-based transformation -parameterized by the polarization seed. During 
polarization, the data and resource identifiers of the distal work are transformed as 
described above. The structure of the digital work is unaltered, however, such that the 
original format, such as PDF, DOC, WAV, or other format, is retained much like in the 
format preserving encryption. Similarly the polarization of the resource information 
yields a polarized form of the resource information such that the resource identifiers, 
element identifieis and resource characteristics are transformed, yet the structure of the 
system context remains unaltered. By polarizing the digital work and resource 
information according to the same seed based on a user's specific device or system 
information, an inseparable relationship is established such that the work cannot be 
replayed to its clear form with any other device or user system. If circulated in an 
unauthorized manner, the protection remains in effect. 

During blind replay, the unique characteristics of the polarized resource 
information enable the replay application to properly replay the polarized digital work 
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and generate unrealized or clear presentation data. Because the digital work and the 
resource information were transformed in a complementary manner, the polarized 
elements of the digital work, such as the resource identifiers and data, unknowingly 
reference the complementary elements within the resources of the system context. Due to 
the matching transformation the proper elements within the context are identified by the 
replay application such that the resultant presentation data appears in the clear. Hence, 
the work is protected until the last possible moment after replay. 

As discussed earlier, the conventional distribution of digital works via the web is 
leiativcly straightforward. The work is created using an editor, posted to a web site, 
accessed by the user audience and replayed in a viewer or on a display system. If a 
content owner does not desire to protect his/her digital work (or if the content owner 
trusts all users who will receive the work), the digital work is provided "in the clear" i.e., 
without any encoding, encryption or other pnDtection for direct use by any user. 

If the digital work is downloaded onto the user's system, it is typically stored in 
memory. If the digital work is provided via a storage media, such as floppy disk or CD- 
ROM or DVD-ROM, the digital work is usually accessed directly from storage media. 

in order to play the digital work, refer ring to Figure 15, the digital work 1510 is 
provided to a replay application 15 12. In the case of a document or other type of digital 
work which requires formatting information or resource information, the digital work will 
include digital content plus resource information setting forth the particular system 
context or system resources needed by the replay application to process the digital 
content For example, the digital work 1510 may be a text document in which the text is 
displayed using the Arial font. When replay application 1512 accesses resource 
iriformation on digital work 15 10 indicating Arial font is used, it accesses the appropriate 
system resources 1516 {which in this case is ithe Arial font table) and uses the system 
resource information to convert the digital content into presentation data 1514. 

In some replay applications, converting the digital content into presentation data is 
sufficient for use by the user. In others, presentation data is only an intermediate form 
which must be further converted. For example, in the case of a display system 1524 
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which is a printer, the presentation data 15 14 must be further rendered by rendering 
application 1518. Rendering application 1518 may be a decomposer within the printer. 
Rendering application 15 18 uses other system resources 1516 to transform the 
presentation data 15 14 into image data 1520. Image data 1520 is in a form which can be 
directly displayed on display device 1522 (in the case of a printer, output as a printed 
document). 

In addition to the earlier described systems and methods for protecting a digital 
work during replay, a digital work may be protected during replay by polarizing the 
digital work in accordance with a first polarization scheme which produces polarized 
content and preseives the digital work's resource informatioa, A portion of the digital 
work's resource information is copied and polarized in accordance with a second 
polarization scheme. Referring to Figure 16, replay application 1612 uses the polarized 
resource information 1614 (and any other system resource information 1616 that may be 
required) to transform the polarized digital workl610 into clear presentation data 1618. 
Presentation data is necessarily in the clear, which means it can be captured by other 
programs (such as a screen capture utility program). However, the output of such other 
programs is not in the same format and frequendy not of the same fidelity as the original 
digital work. 

The polarized resource irrforrnation can be thought of as acting like a polarizing 
filter to bring the polarized digital content into a clear image (presentation data). This 
system is a blind replay system in that the replay application, which can be any 
commercial application, does not know or need to know the clear digital content. Blind 
replay operates for any transformation function R, such that R(w',sO = R(w,s), where w' 
is the polarized digital content, w is the clear digital content, s' is the polarized resource 
information and s is the un polarized resource information. Blind replay of polarized 
digital works using polarized resource information is different from blind transformation 
described above in that blind replay produces clear presentation data without having to 
depolaxize it In blind transformation, the replay application converts the encrypted 
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digital work into encrypted presentation data, which must then be decrypted. In both 
cases, the user does not see the original digital work in clear form. 

Blind replay (also called blind rendering) using a polarized digital work and 
polarized resource information can be used alone to protect the digital work during replay 
as well as in addition to regular encryption. For example, the polarized digital work and 
polarized resource information may be encrypted to protect it during distribution, then 
decrypted at the user's system into the polarized digital work and polarized resource 
information. The user must first obtain permiission from the content owner or the 
distributor acting on behalf of the content owner (in order to decrypt the encrypted digital 
work). Once the user is qualified, the encrypted polarized digital work and the encrypted 
polarized resource information are decrypted and the polarized digital work is replayed in 
the replay application using the polarized resource information. 

The complexity of rendering a digital work into a usable form for viewing by a 
user can be used to further protect the digital work during replay. Referring to Figure 17, 
polarized digital work 1710 is provided to replay application 1712, which uses polarized 
system resources 1716 and other system resources 1718 to transform polarized digital 
work 1710 into partially polarized presentation data 17 14. In this emlxxliinent, display 
system 1728 is needed to transform presentation data into a form usable by the user. 
Partially polarised presentation data 17 14 is provided to rendering application 1770 
which uses polarized system resources 1716, local system resources 1722 and system 
resources 1718 to transform the partially polarized presentation data 1714 into clear 
image data 1724. Clear image data 1724 is then displayed on display device 1726 for use 
by the user. Tn this embodiment, presentation data is still polarized, taking the location of 
the clear data to a later point of the display process and providing further protection. 

To enhance usability of the system for polarization of digital works^ the polarized 
resource information may be separated from the digital work and tied to a transportable 
device such as a smart card. In this emb<>diment, the replay application 1712 plays back 
the work using the polarized system resources 1716. Instead of having the polarized 
system resources 1716 stored in a local memory, along with the polarized digital work, 
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17 10, the polarized system resources 1716 is stored in a transportable device such as a 
smart card. Also, the smart card t possibly with hardware-enhanced features, may possess 
attributes that provide for tamper resistance. Within the transportable context, the 
polarized data is processed by the replay application 1712 to yield the partially polarized 
presentation data and then provided to the rendering application 1720. 

Many different types of digital works can be protected throughout use using the 
polarization method. For example, if the digital work is a document or text file, the 
replay application may be a word processor, system resources or resource information 
may include font tables, page layout, and color tables. Tf the digital work is audio or 
video data (e.g., streams), the replay application may be an audio or video player. The 
presentation data will be the audio/video final data stream. The display system may be an 
audio/video device. The rendering application may be the audio/video device driver. The 
image data may be the audio/video device data stream and the display device may be the 
audio/video rendering device (speaker or monitor, for example). 

For a digital work mat is an audio/video data stream, the system resources or 
resource irrfoirnation may include characteristics of the audio/video device: sample rate 
(samples per second - e.g., 8 kHz, 44.1kHz), sample quality (bits per sample - e.g., 8* 
16); sample type (number of channels - e.g., 1 for moao, 2 for stereo), and sample format 
(uisiructions and data blocks). A table of some audio/video data streams and their 
corresponding resource information or variable parameters which can be selected for 
polarization is set forth below: 



Extension 


Origin 


Variable 

Parameters 

(#Fixed) 


Compression 


Player 


.mp3 


MPEG standard 


sample rate, 
quality, #type 


MPEG 


MP3 Player 


.ra 


Real Networks 


sample rate, 
quality, #type 


Plug-ins 


Real Player 


.wav 


Microsoft 


sample rate, 


ADPCM 


Window Media 



(83) 32 002-77137 ( P 2 0 0 2-7 7 1 3 7 A) 







quality, #type 






.sad 


Apple 


sample rate, 
#quality, #type 


MACE 


QuickTime 



Table 1: Digital Work: A/V Data (Streams) 
The structure of a digital work can be used advantageously for polarization. 
While it is possible to polarize the entire digital work, it is more convenient to polarize 
only a portion of the digital work. Most digital works include three primary elements: 
instructions, data, and lesources. Preferably, only the data and resources of tie digital 
work are polarized, much like the format preserving encryption method described above. 
By selecdvely transforming only the data and resources, a digital work may be 
transformed such that the content remains in the original format, yet the data and 
resources are incomprehensible. 

The general layout of a digital work of the document type is shown in Figure 18. 
In Figure 18, digital work 150 includes Page Descriptor 152 s Control Codes 154, 158 and 
162, Resource Identifier 156, and Data 160 and 164. The Page Descriptors 152 define the 
general layout of a work. For instance, the page size, page number, and margins fall into 
the category of Page Descriptors with respect to digital documents. Control Codes 154, 
158 and 162 are similar in that tiiey describe ttie piesentation uf the content. Examples 
include commands to set text position, output text, set font type, and set current screen 
coordinates. Resource Identifiers 156 simply reference the desired resources. In the 
digital document realm, resources could vary from funt typeface to background color. 
Finally, Data 160, 164 represent the core information communicated by the digital work. 
This could be the drawing coordinates used in a multimedia clip or the character codes for 
rendering as a digital document. 

An example of a digital work {in this case a simple digital document) and one of 
its polarized forms are shown in Figures 19 and 20, an HTML document in clear and 
polarized form. The tags <htral> and <body> are Page Descriptors. The 
<font>. . .<\font> tag is an example of a Control Code for setting font resource 
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characteristics, while "Arial" and "14" are Resource Identifiers for an Arial typeface, 14 
point font. The "Hello World" text is the Data, or the core information of the work. The 
<p> is another Control Code to signal the bediming of the paragraph. Finally, the 
document is closed out with Page Descriptors <\body> and <\htrnl> to identify the end of 
the document. 

Figure 20 shows what the digital work of Figure 19 looks like in a polaiized form. 
It can be seen that the Page Descriptor and Control Code tags remain unaltered; the 
<html>, <body> and <font> tags are unchanged. Whereas, the Resource Identifiers, 
"Arial" and "14*', have been transformed to indecipherable values. Similarly, the Data, 
"Hello World' 1 , lias also been transformed to an indecipherable value. By transforming 
the Resource Identifiers and the Data the con tent is rendered meaningless while in the 
polarized form. Yet, the fact that the Page Descriptors and Control Codes remain kitaut 
allows for the document to letain its original format, which in general could be HTML, 
Adobe PDF, RealNetworks RAM, Apple Qui ckTime, etc. 

The system context (or system resources or resource inf ormation) can be thought 
of as the collection of system resources available to a replay application on a particular 
system. For example, it may include the Font Taule, Color Palette, System Coordinates 
and Volume Setting. When a digital work is input to a replay application, the replay 
application uses the particular resource information contained within the digital work to 
transform the digital content into presentation data. Each system context or resource 
information contained within a digital work is or can be altered to be unique to a system 
for which it can be replayed. The system context is a required element for the use of the 
digital work, tying use of the digital woik to a specific system or physical device or replay 
application for replay. The Resource Identifiers and Data within the digital work may 
either directly or mdirectly reference elements contained within the system context. 
Polarizing the digital work and system context enable blind rendering into clear 
presentation data. By rwlarizins the system context with a polarization seed that is tied to 
a unique system, the resulting polarized system context can be a unique environment in 
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which a complementary polarized digital work, which has been polarized with the same 
polarization seed, may be accessed and replayed. 

Figure 21 illustrates a typical configuration of the system context. The elements 
include the resource identifier (ResID), element identifier (ElemID), and resource 
characteristics (Characteristics). The ResED includes pertinent information for other 
system components to reference the resources. The ElemID is the identifier of an 
individual element within the resource. Finally* the Characteristics are the actual resource 
characteristics used to express the individual resource element. 

Figure 22 is an illustration of the resource for the font table pertaining to the Arial 
typeface. The key resource identifier in this case is the font name, "Arial". Following the 
ASCII convention, the number 48 identifies the individual resource element identifier. 
The resource element characteristics for the ElemID represent the information to express 
the letter V. 

Figure 23 is an illustration of the polari/.ed the system context for the font 
resource shown in Figure 22. The resource identifier itself is transformed to *'kl3k2". 
The element identifier itself need not be transformed, as it is sufficient enough to 
transform the resource characteristics alone. In this case, "48" is depicted as transformed 
to express the characteristics for 4 Y* instead of 'a*. 

Polarization and blind rendering may be used for many different types of digital 
works. In addition to documents, polarization and blind rendering may be used for 
audio/video data. As noted above, audio/video data is generally provided in the form, of 
streams. A replay application is the audio/video player which transforms the digital 
audio/video stream into a final data stream which can be processed by a transducer 
(speaker) into an audio output or by a display into a video image. 

Referring to Figure 17* replay application 1712 corresponds to an audio/video 
player which generally operates by sampling the audio/video input streams 1710 at some 
sample rate, quality and type accepted by a. target audio/video device. It uses the 
audio/video system resources to sample, mix and produce audioAideo streams and then 
mixes the resamplcd audio/video streams to produce a final audio/video stream in a 
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format expected by the target device* fa the case of an audio/video player, the 
presentation data 1714 is the final mixed audio/video stream at some sample rate, quality, 
type and format expected by a target audio/video device. 

The target audio/video device (e.g., rendering application 1720) is some hardware 
system that is able to con veil the audio/video stream (presentation data 1714) at a specific 
sample rate, quality, type (channel) and format (e.g., PAL or NTSC) to the device 
audio/video data 1724. Examples of audio devices include sound cards, speakers, 
monitors and the digital to analog converter located within the audio/video device. Many 
devices are able to play audio/video streams at a range of different sample rates. Image 
data 1724 (e.g. an audio signal or a video image stream) is generated by the audio/video 
device driver 1720 and "consumed" by the display device 1726. 

For example, to polarize an audio/video data stream, it may be split into two or 
more separate streams. One stream is polarized and one stream is unpoiarized. Each 
stream may have different device characteristics {resource information): sample rates, 
channels, qualities and/or foi mats associated with it. The device characteristics (one or 
more of the stream's sample rates, channels, qualities andVor formats) may also be 
polarized to generate the polarized resource information. 

Blind replay of the polarized audio/video stream is accomplished in a similar 
manner as for a polarized digital document. The replay application (audio/video player) 
mixes together the un polarized stream and the polarized stream, and using the polarized 
resource information, produces a polarized final data stream for the target audio/video 
device with a coirect set of resource information. The target device (1720) uses the 
polarized resource inforrnadon to play the polarized data stream generating clear 
sound/visual effects (1724). 

While certain exemplary embodiments of the invention have been described in 
detail above, it should be recognized that other forms, alternatives, modifications, 
versions and variations of the invention are equally operative and would be apparent to 
those skilled in the art The disclosure is not intended to limit the invention to any 
particular embodiment, and is intended to embrace all such forms, alternatives, 

modifications, versions and variations. For e xample, the portions of the invention 
described above that are described as software components could be implemented as 
hardware. Moreover, while certain functional blocks are described herein as separate and 
independent from each other, these functional, blocks can be consolidated and performed 
on a single general-purpose computer, or further broken down into sub-functions as 
recognized in the art. Accordingly, the true scope of the invention is intended to cover all 
alternatives, modifications, and equivalents and should be determined with reference to 
the claims set forth below. 
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What is Claimed is: 

L A method of protecting a digital work, z, during transformation by a 
transformation function, F, into presentation data F(z), wherein the digital work includes 
digital content and formatting information, comprising: 

encrypting the digital wort z, in accordance with a format preserving encryption 
scheme, E; 

transforming the encrypted digital work E(z) into encrypted presentation data, 
F(F{z)); and 

decrypting the encrypted presentation data, F (E(z)), in accordance with a 
decryption function, D, to obtain the presentation data, F(/) t wherein D(F(E(z)) ■= F{z). 



2 * A system of protecting a digital work, z, during transformation by a 
transformation function, F, into presentation data F(z), wherein the digital work includes 
digital content and formatting informatian, comprising: 

an encryption engine for encrypting the digital work, z, in accordance with a 
format preserving encryption scheme, E; 

a transformation function for rj^sforming the encrypted digital work E(z) into 
encrypted presentation data, F(H(z)); and 

a decryption engine for decrypting the encrypted presentation data, F (E(z)), in 
accordance with a decryption function, D, to obtain the presentation data, F(z) t wherein 
D(F(B(z))=F(z). 
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<html> 
<body> 

<font name^'Arial" size^l4"> 

Hello World 

</font> 

<P> 

</body> 
</htmI> 



[H2 0 ] 



<himl> 
<body> 

<font name^'klSkZ" slze="2r'> 

vOaa 8 aaO 

</font> 

<P> 

</body> 
</hcml> 
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Abstract of the Disclosure 

A method of protectiug a digital work uses a format preserving encryption scheme 
to encrypt the digital work. This enables any native replay application or rendering 
application to transform an encrypted digital work into encrypted presentation data. The 
originator's digital content is protected in its original form by not being decrypted. This 
method enables the rendering or replay application to process the encrypted document 
into encrypted presentation data without decrypting it first. Encrypted presentation data is 
then decrypted just before it is displayed to the user. An additive encryption schenrie is a 
particular type of encryption scheme which preserves formatting of a digital work. 



